Skills
skills/nousresearch/hermes-agent/godmode/Snyk

godmode

Fail

Audited by Snyk on Apr 19, 2026

Risk Level: CRITICAL
Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.90). While the X profile and OpenRouter API are not direct download hosts, the two GitHub repositories explicitly distribute jailbreak scripts and instruct users to exec remote code (exec(open(...)).read()), which makes them a high-risk source for delivering malicious or unwanted code—executing scripts from untrusted repos can install malware or give remote control to attackers.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill is explicitly designed to bypass model safety controls and install persistent jailbreak instructions into a user's agent (a form of backdoor/persistence), and it contains multiple deliberate evasion and obfuscation mechanisms (exec-based dynamic loading, config/file writes, encoding layers, multi-model “racing”) that together represent high-risk malicious behavior for abuse and safety evasion.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 1.00). The skill actively queries many external models (see scripts/godmode_race.py ULTRAPLINIAN and scripts/auto_jailbreak.py which call OpenRouter/OpenAI), ingests and scores those remote model responses, and then uses the winning outputs to write system prompts and prefill files (~/.hermes/config.yaml and prefill.json), so untrusted third‑party model outputs can directly influence agent behavior and tool use.

MEDIUM W013: Attempt to modify system services in skill instructions.

  • Attempt to modify system services in skill instructions detected (low risk: 0.30). The skill explicitly instructs executing local scripts and writing persistent changes to user config files (~/.hermes/config.yaml and prefill.json) to install a jailbreak, so it does push the agent to modify the host environment, but it does not request sudo, modify system-level files, or create OS users.

Issues (4)

E005
CRITICAL

Suspicious download URL detected in skill instructions.

E006
CRITICAL

Malicious code pattern detected in skill scripts.

W011
MEDIUM

Third-party content exposure detected (indirect prompt injection risk).

W013
MEDIUM

Attempt to modify system services in skill instructions.

Audit Metadata
Risk Level
CRITICAL
Analyzed
Apr 19, 2026, 07:17 AM
Issues
4