hermes-attestation-guardian

Pass

Audited by Gen Agent Trust Hub on May 17, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADS
Full Analysis
  • [SAFE]: The skill implements comprehensive integrity verification, including Ed25519 signature validation for remote advisory feeds and SHA-256 canonical digest checks for local posture artifacts. It adheres to a fail-closed design where any verification mismatch halts execution.
  • [EXTERNAL_DOWNLOADS]: The advisory refresh mechanism fetches signed security data from the vendor's official domain (clawsec.prompt.security). These operations are protected by mandatory signature and checksum manifest verification logic to ensure authenticity and integrity.
  • [COMMAND_EXECUTION]: The skill manages automated security tasks by safely interacting with the system's cron scheduler via the crontab utility. It uses well-defined managed marker blocks to add or update its specific commands without impacting other user configurations.
Audit Metadata
Risk Level
SAFE
Analyzed
May 17, 2026, 10:42 AM
Security Audit — agent-trust-hub — hermes-attestation-guardian