fix(security): correct verdict logic and enforce --force limitation in skills_guard

- _determine_verdict() returned 'caution' for medium/low-only findings,
  causing community skills with harmless patterns (e.g. path traversal
  notation, unpinned pip install) to be incorrectly blocked. Now returns
  'safe' when only medium/low severity findings are present.

- should_allow_install() allowed --force to override 'dangerous' verdict,
  contradicting documented behavior that --force does NOT override dangerous
  scan results. Added explicit check to prevent force-installing skills
  with dangerous verdict.
sprmn24 2026-03-27 00:08:02 +03:00 committed by Teknium
parent db489a315f
commit 0f8215f633

@ -661,7 +661,7 @@ def should_allow_install(result: ScanResult, force: bool = False) -> Tuple[bool,
if decision == "allow":
return True, f"Allowed ({result.trust_level} source, {result.verdict} verdict)"
if force:
if force and result.verdict != "dangerous":
return True, (
f"Force-installed despite {result.verdict} verdict "
f"({len(result.findings)} findings)"
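Review bot: With the new condition `if force and result.verdict != "dangerous":` in should_allow_install(), a forced install of a dangerous skill is refused only implicitly, by falling through to whatever code follows this branch, which the hunk does not show. The reason string the caller gets back will then come from the generic path and will not say that --force was supplied and deliberately ignored. Consider an explicit branch for `force and result.verdict == "dangerous"` that returns False with a message stating that --force does not override a dangerous verdict, so the user sees why the flag had no effect. A regression test that calls should_allow_install() with force=True on a dangerous result and asserts on both the boolean and the reason would pin the documented behavior.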
@ -932,7 +932,8 @@ def _determine_verdict(findings: List[Finding]) -> str:
return "dangerous"
if has_high:
return "caution"
return "caution"
# medium/low findings alone are informational, not blocking
return "safe"
def _build_summary(name: str, source: str, trust: str, verdict: str, findings: List[Finding]) -> str:
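Review bot: The final `return "safe"` in _determine_verdict() now yields the same verdict for a skill with no findings and for one with any number of medium/low findings, so the verdict string alone no longer shows that the scanner matched something. Since should_allow_install() formats the verdict into its allow message, an install with medium findings will be reported with a "safe" verdict. If these findings are meant to be informational rather than blocking, consider keeping them visible, for example by including the findings count in the allow message or by using a distinct non-blocking verdict. The comment could also say which severities reach this line, and a test covering medium-only, low-only and empty findings lists would document the intended result for each.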