Hermes Agent security-guidance plugin
=====================================

This plugin (plugins/security-guidance/) includes work originally
published in the claude-plugins-official repository by Anthropic, PBC.,
licensed under the Apache License, Version 2.0.

    Source:    https://github.com/anthropics/claude-plugins-official
    Subpath:   plugins/security-guidance/hooks/patterns.py
    Commit:    0bde168 (2026-05-26)
    License:   Apache License 2.0 (see LICENSE in this directory)

Forked content
--------------

The file patterns.py in this directory is a verbatim copy of the upstream
patterns.py at the commit above, with a modified module docstring noting
this attribution. The pattern data — 25 regex/substring rules covering
unsafe deserialization, command injection, XSS sinks, crypto footguns,
XXE, GitHub Actions injection, and TLS-verification disablement — is
unmodified.

Original work
-------------

The Hermes-side plugin glue code (__init__.py, plugin.yaml, README.md,
tests) is original work by NousResearch and is licensed under the MIT
License that applies to the rest of the hermes-agent project, except
where it imports from patterns.py — that import does not change the
license of either file.
