hermes-web-ui-dashboard

SUSPICIOUS: the skill is broadly consistent with a Hermes administration dashboard, but its footprint is high-impact and the install trust is weaker than the branding suggests. Main concerns are unpinned curl/bash setup, unclear publisher-to-package relationship, personal Docker namespace, and the dashboard’s broad access to credentials, terminal, files, SSH/container backends, and scheduled actions. Data flows appear mostly local or to official provider endpoints rather than an obvious credential-harvesting proxy, so this is not confirmed malware.