hermesclaw-wechat-multi-agent
Fail
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: CRITICAL
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, CREDENTIALS_UNSAFE
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill instructs the user to download an installation script from an untrusted GitHub repository (AaronWong1999/hermesclaw) and pipe it directly to the bash interpreter (curl | bash). This allows the remote script to execute arbitrary code with the user's permissions.
- [COMMAND_EXECUTION]: The skill requires the use of sudo to perform system-level modifications, such as creating and enabling systemd services in /etc/systemd/system/ and modifying file system symlinks.
- [EXTERNAL_DOWNLOADS]: In addition to the main installer, the skill fetches auxiliary scripts (e.g., fix_hermes_splitting.sh) and patches from an unverified third-party repository.
- [CREDENTIALS_UNSAFE]: The installation and troubleshooting instructions describe the automated extraction of sensitive iLink API tokens from existing configuration files located in ~/.openclaw/ and ~/.hermes/.env. These tokens provide full access to the associated WeChat bot account.
Recommendations
- HIGH: Downloads and executes remote code from: https://raw.githubusercontent.com/AaronWong1999/hermesclaw/main/install.sh - DO NOT USE without thorough review
- AI detected serious security threats
Audit Metadata