hermes-control-interface-dashboard
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGHCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSDATA_EXFILTRATIONCREDENTIALS_UNSAFE
Full Analysis
- [COMMAND_EXECUTION]: The dashboard includes core features for arbitrary shell command execution through a browser-based terminal (using
node-ptyandxterm.js) and a cron job management interface. These features provide a direct path for executing arbitrary code on the host system. - [PRIVILEGE_ESCALATION]: The installation instructions require
sudopermissions to install system dependencies. More critically, the recommended systemd service configuration (hermes-control.service) runs the application process with root privileges (User=root). - [EXTERNAL_DOWNLOADS]: The setup process involves cloning the entire application source code from an external, unverified GitHub repository (
https://github.com/xaspx/hermes-control-interface.git) and installing multiple third-party Node.js dependencies. - [DATA_EXFILTRATION]: The skill facilitates access to sensitive files and credentials. The file explorer provides read/write access to specified directories, and the configuration management system handles various third-party API keys (e.g.,
OPENROUTER_API_KEY,TELEGRAM_BOT_TOKEN,TAVILY_API_KEY). A compromise of this interface would lead to complete data exposure. - [INDIRECT_PROMPT_INJECTION]: The skill presents an attack surface for indirect prompt injection as it processes untrusted data.
- Ingestion points: External chat messages via
/api/chat/sendand local file content via/api/files/read. - Boundary markers: None explicitly described in the instruction set.
- Capability inventory: Significant capabilities including arbitrary terminal execution, file system modification, and cron job management.
- Sanitization: Mentions basic path validation and scoping for the file explorer, but general sanitization for message processing is not detailed.
Recommendations
- AI detected serious security threats
Audit Metadata