hermes-agent-optimization
Fail
Audited by Gen Agent Trust Hub on May 18, 2026
Risk Level: HIGHREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [REMOTE_CODE_EXECUTION]: The 'Production VPS Bootstrap' section provides a command to fetch a shell script from a remote URL (
https://raw.githubusercontent.com/OnlyTerp/hermes-optimization-guide/main/scripts/vps-bootstrap.sh) and execute it. - [COMMAND_EXECUTION]: The remote script is executed via
sudo bash, granting the downloaded code full root access to the system. - [EXTERNAL_DOWNLOADS]: The resource is hosted under a personal GitHub account (
OnlyTerp) that is not a verified organization or well-known service, increasing the risk of supply chain compromise or malicious code injection.
Recommendations
- AI detected serious security threats
Audit Metadata