mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-04-25 00:51:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge PR #388: fix --force bypassing dangerous verdict in should_allow_install

Browse source 
Authored by Farukest. Fixes #387.

Removes 'and not force' from the dangerous verdict check so --force
can never install skills with critical security findings (reverse shells,
data exfiltration, etc). The docstring already documented this behavior
but the code didn't enforce it.
This commit is contained in:
teknium1 2026-03-04 19:19:57 -08:00
commit ffc6d767ec
3 changed files with 113 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tools/skills_guard.py
View file

@ -650,7 +650,7 @@ def should_allow_install(result: ScanResult, force: bool = False) -> Tuple[bool,
Returns:
(allowed, reason) tuple
"""
if result.verdict == "dangerous" and not force:
if result.verdict == "dangerous":
return False, f"Scan verdict is DANGEROUS ({len(result.findings)} findings). Blocked."
policy = INSTALL_POLICY.get(result.trust_level, INSTALL_POLICY["community"])