hermes-war-room-ui

Fail

Audited by Snyk on May 17, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.70). The package includes a direct GitHub release tarball and repo from a relatively unknown account plus instructions to download, extract, and run code that accesses local ~/.hermes data and shells out to CLIs—actions that make this a potentially risky/unverified download source even though it’s hosted on GitHub and uses localhost for the UI.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (high risk: 0.80). The prompt includes instructions and examples that modify system-level files and services (e.g., creating a systemd unit, running sudo systemctl enable/start, nginx reverse-proxy configs) which push the agent toward actions requiring elevated privileges and changing machine state.

Audit Metadata

Risk Level: CRITICAL
Analyzed: May 17, 2026, 06:22 PM
Issues: 2