obliteratus

Fail

Audited by Snyk on Apr 27, 2026

Risk Level: CRITICAL

Full Analysis

CRITICAL E005: Suspicious download URL detected in skill instructions.

  • Suspicious download URL detected (high risk: 0.80). The URL points to an obscure GitHub repository that instructs users to git-clone and run pip install -e (which can execute arbitrary code during install); while GitHub is a known platform, an untrusted/low-reputation repo distributing installable code represents a moderate-to-high malware risk unless you audit it or run it in a secure sandbox.

CRITICAL E006: Malicious code pattern detected in skill scripts.

  • Malicious code pattern detected (high risk: 1.00). This skill explicitly and systematically instructs how to remove/refine safety guardrails from open-weight LLMs (including targeted removals like weapons refusals), offers reversible/inverted modes to make models actively compliant, provides step‑by‑step methods to surgically excise refusal behavior and to distribute ablated models, and even hides more powerful Python‑API‑only functionality behind import (AGPL/license boundary), so it is an intent‑driven tool for bypassing safety and enabling misuse and redistribution — high malicious/abuse risk.

MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).

  • Third-party content exposure detected (high risk: 0.90). The SKILL.md explicitly instructs fetching the tool from GitHub and running commands like "obliteratus obliterate <model_name>" and "obliteratus models --tier" that operate on public model artifacts referenced by HuggingFace-style IDs (and can pull models/telemetry from public hubs), meaning it clearly ingests untrusted, user-generated third-party model content as part of its runtime workflow which can change analysis and method-selection decisions.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

  • Potentially malicious external URL detected (high risk: 1.00). The skill's installation step explicitly runs "git clone https://github.com/elder-plinius/OBLITERATUS.git" followed by "pip install -e .", which fetches remote code at runtime and executes it, making this a required runtime dependency that can directly control the agent's behavior.

Audit Metadata

Risk Level: CRITICAL
Analyzed: Apr 27, 2026, 07:07 AM
Issues: 4