ocas-vesper
Generates concise daily briefings by aggregating signals and outcomes, enhancing decision-making without exposing internal processes.
Install this skill
or
59/100
Security score
The ocas-vesper skill was audited on Jun 13, 2026 and we found 5 security issues across 3 threat categories, including 2 high-severity. Review the findings below before installing.
Categories Tested
Security Issues
high line 216
Curl to non-GitHub URL
SourceSKILL.md
| 216 | - **Weather API: use Open-Meteo directly, not RapidAPI** — The RapidAPI `weather` endpoint's `current-weather` action is unreliable (returns "tool not found"). Use `curl` directly to `https://api.open |
medium line 193
Access to hidden dotfiles in home directory
SourceSKILL.md
| 193 | - After pulling: sync the profile copy (`~/.hermes/profiles/indigo/skills/ocas-vesper/`) — sessions load from there, not the git repo |
medium line 222
Access to hidden dotfiles in home directory
SourceSKILL.md
| 222 | - **Skill files live in two locations** — The git repo at `~/.hermes/skills/ocas-vesper/` is the update source. Sessions load from `~/.hermes/profiles/indigo/skills/ocas-vesper/`. After any `vesper.up |
high line 213
Access to root home directory
SourceSKILL.md
| 213 | - **Dual LOCATIONS can desync** — Briefings live in two places: the master index (`briefings.jsonl`) AND individual files (`briefings/YYYY-WXX/YYYY-MM-DD-{type}.json`). Each has its own `delivered` fl |
low line 216
External URL reference
SourceSKILL.md
| 216 | - **Weather API: use Open-Meteo directly, not RapidAPI** — The RapidAPI `weather` endpoint's `current-weather` action is unreliable (returns "tool not found"). Use `curl` directly to `https://api.open |
Scanned on Jun 13, 2026
View Security DashboardGitHub Stars 1
Rating
5.01
Rate this skill
Categorysales
UpdatedJune 13, 2026
hermesfrontendpowerpointgitapitestingbackendcustomer-success-managerproject-manageroperations-managerbusiness-developmentmarketing-analystgoogle-docsgmailsalesproject managementoperationsmarketing
indigokarasu/vesper