hermes-war-room-ui

SUSPICIOUS: the skill is largely coherent with its stated purpose as a local Hermes orchestration UI, and its reads of ~/.hermes plus hermes CLI control are proportionate. The main concerns are install trust for a GitHub release binary tied to a different stated publisher identity, a documented shell-out pattern that may permit command injection if copied literally, and elevated autonomy from multi-agent orchestration with broad worker tools. No clear malicious exfiltration or deceptive credential harvesting is evident from the provided skill text.