hermes-attestation-guardian

Warn

Audited by Gen Agent Trust Hub on May 15, 2026

Risk Level: MEDIUM
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, PROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The skill interacts with the system's task scheduler using the crontab utility. The lib/cron.mjs module implements logic to list and update crontab entries for the current user.
  • [COMMAND_EXECUTION]: Persistence is established through scripts/setup_attestation_cron.mjs and scripts/setup_advisory_check_cron.mjs, which install recurring scripts into the crontab. These entries are managed within specific comment blocks (# >>> ... >>>) to ensure they can be updated or removed safely.
  • [EXTERNAL_DOWNLOADS]: The skill fetches remote advisory data from https://clawsec.prompt.security/advisories/feed.json using the refresh_advisory_feed.mjs script. It also provides instructions in SKILL.md to download release artifacts from the author's GitHub repository. Both sources are associated with the skill's vendor infrastructure.
  • [PROMPT_INJECTION]: The ingestion of external advisory feeds creates a potential surface for indirect prompt injection.
      • Ingestion points: Advisory data is fetched from remote URLs in lib/feed.mjs and scripts/refresh_advisory_feed.mjs.
      • Boundary markers: The skill employs JSON schema validation and Ed25519 signature verification to validate the integrity and authenticity of the ingested feeds before processing.
      • Capability inventory: The skill possesses the capability to modify the system crontab and write files within the user's ~/.hermes directory.
      • Sanitization: External JSON data is validated against a strictly defined schema in isValidFeedPayload, and cryptographic signatures are verified using verifySignedPayload before data influences system state.
Audit Metadata
Risk Level: MEDIUM
Analyzed: May 15, 2026, 02:50 AM