hermes-labyrinth-observability
Warn
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: MEDIUM
Categories: EXTERNAL_DOWNLOADS, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill clones an external repository from "https://github.com/stainlu/hermes-labyrinth.git" during the installation and Docker setup process.
- [REMOTE_CODE_EXECUTION]: After the clone, the instructions require running the repository's own build and test scripts ("npm run build", "python3 scripts/test-plugin-api.py"). This executes code fetched from an external source that the skill does not pin to a release or commit and does not verify before running.
- [COMMAND_EXECUTION]: The skill executes various shell commands for directory management ("mkdir -p ~/.hermes/plugins"), cleanup ("rm -rf"), and local API interaction via "curl".
- [DATA_EXFILTRATION]: The plugin is designed to read sensitive local data from "/.hermes/state.db", "/.hermes/skills/", and "~/.hermes/cron/". It talks only to local API endpoints and claims to redact secrets, but the redaction runs inside the same downloaded code: if the source repository is compromised, the redactor can be modified or bypassed along with everything else, so the potential for data exposure remains.
- [SAFE]: The skill documentation explicitly mentions and implements a "fail-closed" secret redaction mechanism using the "hermes.redactor" library. Fail-closed here means that when redaction cannot be completed (for example, a pattern fails to load), the output is withheld rather than passed through unredacted, which is a defensive best practice.
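The following is an added illustration of the fail-closed property credited to the skill above. It is not code from the hermes-labyrinth repository or from the "hermes.redactor" library, whose API this page does not show; the pattern names, the token shapes, and the sample rows are all assumptions constructed for the example. It contrasts a fail-closed redactor, which raises instead of ever returning the raw input, with the fail-open anti-pattern that silently passes the input through when something goes wrong.

```python
"""Fail-closed vs fail-open secret redaction.

Added example; hypothetical patterns, not hermes.redactor's own code or list.
"""
import re


class RedactionError(Exception):
    """Raised when redaction cannot be proven complete."""


# Assumed illustrative token shapes (not the library's real pattern set).
SECRET_PATTERNS = {
    "openai_key": r"sk-[A-Za-z0-9]{20,}",
    "github_token": r"gh[pousr]_[A-Za-z0-9]{36,}",
    "bearer": r"(?i)bearer\s+[A-Za-z0-9._-]{16,}",
}


def compile_patterns(patterns):
    """Compile every pattern up front; one bad pattern aborts the whole run."""
    compiled = {}
    for name, pat in patterns.items():
        try:
            compiled[name] = re.compile(pat)
        except re.error as exc:
            raise RedactionError(f"pattern {name!r} is invalid: {exc}") from exc
    return compiled


def _redact(text, compiled):
    out = text
    for name, rx in compiled.items():
        out = rx.sub(f"[REDACTED:{name}]", out)
    # Post-check: if any pattern still matches, refuse to emit the result.
    leftover = [name for name, rx in compiled.items() if rx.search(out)]
    if leftover:
        raise RedactionError(f"secrets still present after redaction: {leftover}")
    return out


def redact_fail_closed(text, patterns=SECRET_PATTERNS):
    """Return redacted text or raise RedactionError; never return raw input."""
    return _redact(text, compile_patterns(patterns))


def redact_fail_open(text, patterns=SECRET_PATTERNS):
    """Anti-pattern for contrast: on any error, pass the raw text through."""
    try:
        return _redact(text, compile_patterns(patterns))
    except RedactionError:
        return text


# Constructed sample rows standing in for lines read from a local state DB.
SAMPLE_ROWS = [
    "session=42 api_key=sk-abcdefghijklmnopqrstuvwxyz12 user=alice",
    "cron=nightly token=ghp_0123456789abcdef0123456789abcdef0123 job=sync",
    "note=no secrets here",
]


def redact_rows(rows, patterns=SECRET_PATTERNS):
    """Redact a batch; any failure aborts the batch instead of leaking a row."""
    return [redact_fail_closed(row, patterns) for row in rows]


if __name__ == "__main__":
    for line in redact_rows(SAMPLE_ROWS):
        print(line)
    broken = {"broken": "("}  # deliberately invalid regex
    try:
        redact_fail_closed(SAMPLE_ROWS[0], broken)
    except RedactionError as exc:
        print("fail-closed refused:", exc)
    print("fail-open leaked:", redact_fail_open(SAMPLE_ROWS[0], broken))
```

The difference that matters for the audit finding is the last two calls: with the same broken configuration, the fail-closed path returns nothing usable, while the fail-open path hands back the row with the key intact. A compromised upstream could of course replace either function, which is why the DATA_EXFILTRATION caveat above still applies.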
Audit Metadata