hermes-agent

This module is a typical one-click Python app installer with no clear embedded malware in the Bash logic. However, it performs high-impact supply-chain operations: it clones/pulls a moving GitHub branch without pinning to a commit/tag or verifying integrity, and it installs dependencies without hash/signature verification. It also generates and later executes a launcher that auto-discovers the install location (including a /tmp fallback), which can increase local threat exposure if an attacker can plant artifacts. Recommended hardening: pin to a specific commit/tag, verify signatures/checksums, use a locked dependency set (hashes/--require-hashes), and remove or constrain auto-discovery (especially /tmp).

No direct indicators of overt malware (e.g., embedded backdoor logic, credential harvesting, or network exfiltration) are present in this wrapper script. However, the script contains a high-impact command-injection/execution risk due to `eval "$cmd"` and repeated `bash -c "$cmd"` execution where command strings are constructed from untrusted CLI/environment inputs. It also supports arbitrary file writes via a user-supplied `--output` path. Treat this wrapper as a security alert and remediate by removing `eval`/`bash -c` string execution in favor of safe argument arrays and strict input handling; additionally, validate/sandbox output paths and avoid logging sensitive prompts in production.

该技能总体与“集成 Hermes Agent CLI”这一目的基本一致，不像伪装型窃密技能；但它把一个高权限通用代理能力整体引入宿主代理，并允许插件安装、MCP 外连、网页研究、代码执行和定时任务，且默认无需审批。结论为可疑但非明确恶意：主要风险来自高权限自动化、转移信任链和外部端点/插件带来的数据与凭据暴露面。