mirror of
https://github.com/NousResearch/hermes-agent.git
synced 2026-05-29 06:31:32 +00:00
263e008d6b
Adds optional-skills/security/web-pentest/ — an authorized web app penetration testing skill adapted from Shannon's methodology (concepts only; AGPL-clean fresh implementation). Phased: recon (read-only) → vuln analysis (delegate_task per OWASP class) → proof-based exploitation → report. Guardrails baked in: - Authorization gate before first active scan (templates/authorization.md) - Scope allowlist (scope.txt) consulted by recon-scan.sh and documented as the rule for every active request - Aux-client leakage warning (compression + title gen replay history; payloads/creds must not enter chat verbatim) - Bypass-exhaustion discipline before false-positive classification - L3/L4 (proof-required) for reportable findings; L1/L2 listed as candidates only Closes #400. Supersedes #21845 (plugin-shaped proposal; skill-shaped is cheaper and matches the existing optional-skills/security/ pattern). |
||
|---|---|---|
| .. | ||
| autonomous-ai-agents | ||
| blockchain | ||
| communication | ||
| creative | ||
| devops | ||
| dogfood | ||
| email/agentmail | ||
| finance | ||
| health | ||
| mcp | ||
| migration | ||
| mlops | ||
| productivity | ||
| research | ||
| security | ||
| software-development | ||
| web-development | ||
| DESCRIPTION.md | ||