oss-forensics

Facilitates supply chain investigations and forensic analysis of GitHub repositories, enabling evidence recovery and structured reporting.

Install this skill

15/100

Security score

The oss-forensics skill was audited on May 17, 2026 and we found 29 security issues across 3 threat categories. Review the findings below before installing.

Categories Tested

Security Issues

medium line 161

Curl to non-GitHub URL

SourceSKILL.md

161	curl -s "https://api.github.com/repos/OWNER/REPO/commits?per_page=100" > api_commits.json

medium line 164

Curl to non-GitHub URL

SourceSKILL.md

164	curl -s "https://api.github.com/repos/OWNER/REPO/pulls?state=all&per_page=100" > api_prs.json

medium line 167

Curl to non-GitHub URL

SourceSKILL.md

167	curl -s "https://api.github.com/repos/OWNER/REPO/issues?state=all&per_page=100" > api_issues.json

medium line 170

Curl to non-GitHub URL

SourceSKILL.md

170	curl -s "https://api.github.com/repos/OWNER/REPO/contributors" > api_contributors.json

medium line 173

Curl to non-GitHub URL

SourceSKILL.md

173	curl -s "https://api.github.com/repos/OWNER/REPO/events?per_page=100" > api_events.json

medium line 176

Curl to non-GitHub URL

SourceSKILL.md

176	curl -s "https://api.github.com/repos/OWNER/REPO/git/commits/SHA" > commit_detail.json

medium line 179

Curl to non-GitHub URL

SourceSKILL.md

179	curl -s "https://api.github.com/repos/OWNER/REPO/releases?per_page=100" > api_releases.json

medium line 182

Curl to non-GitHub URL

SourceSKILL.md

182	curl -s "https://api.github.com/repos/OWNER/REPO/commits/SHA" \| jq .sha

medium line 203

Curl to non-GitHub URL

SourceSKILL.md

203	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO&output=json&limit=100&from=YYYYMMDD&to=YYYYMMDD" > wayback_main.json

medium line 206

Curl to non-GitHub URL

SourceSKILL.md

206	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO/issues/NUM&output=json&limit=50" > wayback_issue_NUM.json

medium line 209

Curl to non-GitHub URL

SourceSKILL.md

209	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO/pull/NUM&output=json&limit=50" > wayback_pr_NUM.json

medium line 216

Curl to non-GitHub URL

SourceSKILL.md

216	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO/releases/tag/*&output=json" > wayback_tags.json

medium line 219

Curl to non-GitHub URL

SourceSKILL.md

219	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO/wiki/*&output=json" > wayback_wiki.json

medium line 62

Access to hidden dotfiles in home directory

SourceSKILL.md

62	> resolve `SKILL_DIR` to the actual path — e.g. `~/.hermes/skills/security/oss-forensics/`

low line 161

External URL reference

SourceSKILL.md

161	curl -s "https://api.github.com/repos/OWNER/REPO/commits?per_page=100" > api_commits.json

low line 164

External URL reference

SourceSKILL.md

164	curl -s "https://api.github.com/repos/OWNER/REPO/pulls?state=all&per_page=100" > api_prs.json

low line 167

External URL reference

SourceSKILL.md

167	curl -s "https://api.github.com/repos/OWNER/REPO/issues?state=all&per_page=100" > api_issues.json

low line 170

External URL reference

SourceSKILL.md

170	curl -s "https://api.github.com/repos/OWNER/REPO/contributors" > api_contributors.json

low line 173

External URL reference

SourceSKILL.md

173	curl -s "https://api.github.com/repos/OWNER/REPO/events?per_page=100" > api_events.json

low line 176

External URL reference

SourceSKILL.md

176	curl -s "https://api.github.com/repos/OWNER/REPO/git/commits/SHA" > commit_detail.json

low line 179

External URL reference

SourceSKILL.md

179	curl -s "https://api.github.com/repos/OWNER/REPO/releases?per_page=100" > api_releases.json

low line 182

External URL reference

SourceSKILL.md

182	curl -s "https://api.github.com/repos/OWNER/REPO/commits/SHA" \| jq .sha

low line 203

External URL reference

SourceSKILL.md

203	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO&output=json&limit=100&from=YYYYMMDD&to=YYYYMMDD" > wayback_main.json

low line 206

External URL reference

SourceSKILL.md

206	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO/issues/NUM&output=json&limit=50" > wayback_issue_NUM.json

low line 209

External URL reference

SourceSKILL.md

209	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO/pull/NUM&output=json&limit=50" > wayback_pr_NUM.json

low line 212

External URL reference

SourceSKILL.md

212	# Use the Wayback Machine URL: https://web.archive.org/web/TIMESTAMP/ORIGINAL_URL

low line 213

External URL reference

SourceSKILL.md

213	# Example: https://web.archive.org/web/20240101000000*/github.com/OWNER/REPO

low line 216

External URL reference

SourceSKILL.md

216	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO/releases/tag/*&output=json" > wayback_tags.json

low line 219

External URL reference

SourceSKILL.md

219	curl -s "https://web.archive.org/cdx/search/cdx?url=github.com/OWNER/REPO/wiki/*&output=json" > wayback_wiki.json

Scanned on May 17, 2026

View Security Dashboard

Installation guide →

GitHub Stars 153.5K

Rate this skill

Categorydevelopment

UpdatedMay 20, 2026

openclaw api backend security-engineer data-analyst backend-developer github development data analytics

NousResearch/hermes-agent