hermes-attestation-guardian

Pass

Audited by Gen Agent Trust Hub on Apr 22, 2026

Risk Level: SAFE
COMMAND_EXECUTION
Full Analysis
  • [COMMAND_EXECUTION]: The script scripts/setup_attestation_cron.mjs interacts with the system crontab using child_process.spawnSync to manage recurring attestation schedules. This feature is opt-in via the --apply flag and is functionally necessary for the skill's scheduling capabilities.
  • [SAFE]: All file write operations in scripts/generate_attestation.mjs are restricted to the $HERMES_HOME/security/attestations directory. The skill implements robust path validation to prevent directory traversal or writes to sensitive system locations.
  • [SAFE]: The skill uses deterministic generation and fail-closed verification logic, ensuring that any tampering with attestation artifacts or baselines results in a verification failure.
Audit Metadata
Risk Level: SAFE
Analyzed: Apr 22, 2026, 10:33 AM