Mislead

Set a false campfire and watch who gathers around it.

What This Skill Does

Mislead is defensive deception: honeypots, canary tokens, decoy endpoints, fake datasets, and other convincing false presences that reveal who is snooping. The goal is not to trick legitimate users for sport. The goal is to create an instrumented fake that attracts unauthorized curiosity while the real system remains elsewhere. This makes the spell powerful and ethically sharp-edged. It needs explicit boundaries, isolation, and a clear monitoring objective before it should be deployed. In this grimoire, Mislead is treated as a hybrid spell with a prototype delivery profile. Canonical reference input: Mislead (spell).

When To Use

• You need a honeypot, canary token, or decoy endpoint to detect unauthorized discovery or access attempts.
• The real requirement is defensive visibility into who comes looking for sensitive assets.
• You can isolate the decoy from production behavior and document the response path if it gets touched.

Prerequisites

• No extra runtime dependencies beyond Hermes Agent and the normal toolset for this session.

Procedure