Back to skill

Security audit

Hermes Agent Skill

Security checks across malware telemetry and agentic risk

Overview

This appears to be a high-capability agent administration/configuration skill, but the sensitive behavior is aligned with that purpose and not backed by evidence of hidden or malicious actions.

Install only if you intend to administer this agent runtime. Keep provider keys out of chat and source control, restrict permissions on any local .env file, review configuration changes before applying them, and avoid enabling browser automation, delegation, public endpoints, or persistent memory unless you understand and want those capabilities.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill advertises code execution, browser automation, persistent memory, and delegation, but does not provide an explicit safety warning about the ability of Hermes to access data, execute actions, or affect system integrity. This omission can cause users or calling agents to invoke a highly capable external agent without informed consent or proper safeguards, increasing the risk of unsafe execution and data exposure.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The configuration guidance tells users to place provider keys in ~/.hermes/.env without any warning about secret handling, file permissions, logging, or accidental disclosure. This can lead to unsafe storage practices, credential leakage through backups or screenshots, and misuse by other local processes or tools that can read the file.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.