Unitree Hermes Colab

Security checks across malware telemetry and agentic risk

Overview

This skill is a clearly scoped Unitree/Hermes Colab helper with explicit safety boundaries and no evidence of hidden, destructive, or deceptive behavior.

Install this only if you want Codex help building or reviewing the Unitree Hermes Colab workflow. Review generated notebooks before running them, keep Hermes execution opt-in, and provide model API keys only when you intend to run provider-backed analysis.

SkillSpector

By NVIDIA

Vulnerability Patterns

Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Vague Triggers

Medium

Confidence: 94% confidence
Finding: The skill enables implicit invocation without any visible trigger constraints, so the agent may activate this workflow in broader contexts than intended. Because this skill can drive package installation and Colab-based analysis workflows, ambiguous activation increases the chance of unintended execution, prompt-scope confusion, or use outside its stated safety-gated purpose.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal