hermes-paperclip-adapter

SUSPICIOUS: the skill’s core purpose is coherent, but its footprint is high-risk because it enables a continuously managed AI employee with broad terminal/file/web/browser capabilities, persistent memory, and comment-driven execution. Install sources look conventional, yet the combination of autonomous operation, external CLI delegation, credential use, and promptable task/comment inputs makes this a high-security-risk integration even without clear evidence of malware or deceptive exfiltration.