hermes-attestation-guardianHermes-only runtime security attestation and drift detection skill for operator-managed Hermes infrastructure.
Install via ClawdBot CLI:
clawdbot install davida-ps/hermes-attestation-guardianGrade Limited — based on market validation, documentation quality, package completeness, maintenance status, and authenticity signals.
Calls external URL not in known-safe list
https://clawsec.prompt.securityAudited Apr 18, 2026 · audit v1.0
Generated May 6, 2026
Operators of Hermes infrastructure can set up recurring attestation generation and verification to detect drift in runtime posture. This ensures that any unauthorized changes to gateway flags, feed verification status, or integrity of watched files are immediately flagged. Industries like finance or healthcare that require strict compliance can use this to maintain audit trails.
Security teams can generate a trusted baseline attestation and compare current attestations against it with authenticated signatures. The verifier fails on high-severity drifts, enabling rapid detection of configuration tampering. This is critical for managed security service providers (MSSPs) monitoring multiple Hermes deployments.
By running the attestation generator on a cron schedule (e.g., every 6 hours), organizations can produce regular integrity snapshots. The deterministic timestamps and canonical digests make these attestations suitable for compliance audits. This is useful for any industry with regulatory requirements like GDPR or HIPAA.
Operators can optionally verify attestations with detached signatures using a trusted public key, ensuring attestation authenticity even if the file server is compromised. This adds a layer of supply chain security for Hermes infrastructure deployments in software supply chain assurance.
Offer attestation generation and verification as a subscription service for enterprises running Hermes infrastructure. Revenue comes from per-deployment monthly fees based on the number of attested nodes.
Package the skill as a compliance automation tool sold to companies needing automated posture attestation for regulatory audits. Revenue generated from one-time license fees and annual maintenance.
Provide a managed scheduler for `setup_attestation_cron.mjs` with premium support and SLA guarantees. Revenue from monthly service contracts per customer.
💬 Integration Tip
Integrate with existing CI/CD pipelines by running `node scripts/generate_attestation.mjs` and `node scripts/verify_attestation.mjs` as post-deployment integrity checks. Use environment variables for paths and keys to avoid hardcoding.
Scored May 6, 2026
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope,...
Comprehensive security auditing for Clawdbot deployments. Scans for exposed credentials, open ports, weak configs, and vulnerabilities. Auto-fix mode included.
Audit codebases and infrastructure for security issues. Use when scanning dependencies for vulnerabilities, detecting hardcoded secrets, checking OWASP top 10 issues, verifying SSL/TLS, auditing file permissions, or reviewing code for injection and auth flaws.
Detect anomalies and outliers in construction data: unusual costs, schedule variances, productivity spikes. Statistical and ML-based detection methods.
Analyze and classify agent skills for safety using local evaluation. Optionally produce a signed attestation of the vetting result.
Solve CAPTCHAs with 2Captcha from the command line during browser automation.