Hermes Skill Publishing Guide
Security checks across malware telemetry and agentic risk
Overview
This is a plain publishing guide for ClawHub skills, with no executable code or hidden behavior.
Safe to install as a reference guide. Review publish, delete, and merge commands before running them, and continue to handle ClawHub tokens privately rather than storing them in files or shell history.
SkillSpector
By NVIDIA
Vulnerability Patterns
- Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
- Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
- Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
- Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
- Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
VirusTotal
66/66 vendors flagged this skill as clean.