hermes-desktop-companion
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: HIGH
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, DATA_EXFILTRATION
Full Analysis
- [COMMAND_EXECUTION]: The skill provides instructions to grant the user passwordless sudo access by writing to /etc/sudoers.d/hermes-install, which significantly compromises system security by allowing processes to run administrative commands without authentication.
- [EXTERNAL_DOWNLOADS]: The skill directs users to download and execute platform-specific binaries from an external GitHub repository (fathah/hermes-desktop).
- [REMOTE_CODE_EXECUTION]: The first-run setup process involves downloading and executing a remote installation script from the NousResearch repository.
- [COMMAND_EXECUTION]: The skill implements slash commands (/shell and /code) that provide the AI agent with capabilities to execute arbitrary terminal commands and code on the host system.
- [COMMAND_EXECUTION]: The skill instructs users on how to bypass operating system security controls, specifically macOS Gatekeeper quarantine attributes (xattr -cr) and Windows SmartScreen warnings for unsigned binaries.
- [DATA_EXFILTRATION]: The combination of arbitrary shell access and the ingestion of untrusted web data creates a significant surface for indirect prompt injection and the exfiltration of sensitive local data like environment variables or configuration files.
Recommendations
- AI detected serious security threats