hermes-labyrinth-observability

SUSPICIOUS. The capability set mostly fits a Hermes observability plugin, and the documented data flows are local/read-only with redaction. The main concern is install trust: users are told to clone a personal GitHub plugin repo not clearly operated by the stated publisher or Hermes maintainers, with imperfect version-verification. This looks more like a third-party plugin with moderate supply-chain risk than overtly malicious behavior.