hermes-attestation-guardian
Pass
Audited by Gen Agent Trust Hub on May 17, 2026
Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
- [SAFE]: The skill implements comprehensive integrity verification, including Ed25519 signature validation for remote advisory feeds and SHA-256 canonical digest checks for local posture artifacts. It adheres to a fail-closed design where any verification mismatch halts execution.
- [EXTERNAL_DOWNLOADS]: The advisory refresh mechanism fetches signed security data from the vendor's official domain (clawsec.prompt.security). These operations are protected by mandatory signature and checksum manifest verification logic to ensure authenticity and integrity.
- [COMMAND_EXECUTION]: The skill manages automated security tasks by safely interacting with the system's cron scheduler via the crontab utility. It uses well-defined managed marker blocks to add or update its specific commands without impacting other user configurations.
Audit Metadata