Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 38 Pull Requests 2 Actions 18 Packages Projects Releases Wiki Activity
Files
security/fix-docker-privilege
hermes-agent/tools
History
Allegro ed32487cbe
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Successful in 28s
Details
Tests / test (pull_request) Failing after 29s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 42s
Details
security: block dangerous Docker volume mounts (V-012, CVSS 8.7) 
Prevent privilege escalation via Docker socket mount.

Changes:
- tools/environments/docker.py: Add _is_dangerous_volume() validation
- Block docker.sock, /proc, /sys, /dev, root fs mounts
- Log security error when dangerous volume detected

Fixes container escape vulnerability where user-configured volumes
could mount Docker socket for host compromise.

CVSS: 8.7 (High)
Refs: V-012 in SECURITY_AUDIT_REPORT.md
CWE-250: Execution with Unnecessary Privileges
2026-03-30 23:55:45 +00:00
..
browser_providers
feat(browser): multi-provider cloud browser support + Browser Use integration
2026-03-17 00:16:34 -07:00
environments
security: block dangerous Docker volume mounts (V-012, CVSS 8.7)
2026-03-30 23:55:45 +00:00
neutts_samples
refactor(tts): replace NeuTTS optional skill with built-in provider + setup flow
2026-03-17 02:33:12 -07:00
__init__.py
chore: remove all remaining mini-swe-agent references
2026-03-24 08:19:23 -07:00
ansi_strip.py
fix: strip ANSI at the source — clean terminal output before it reaches the model
2026-03-23 07:43:12 -07:00
approval.py
feat(approvals): make dangerous command approval timeout configurable (#3886)
2026-03-30 00:02:02 -07:00
browser_tool.py
fix(browser): guard LLM response content against None in snapshot and vision (#3642)
2026-03-28 17:25:04 -07:00
checkpoint_manager.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
clarify_tool.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
code_execution_tool.py
security: fix secret leakage via whitelist-only env vars (CVSS 9.3)
2026-03-30 23:42:43 +00:00
credential_files.py
feat: mount skills directory into all remote backends with live sync (#3890)
2026-03-30 02:45:41 -07:00
cronjob_tools.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
debug_helpers.py
refactor: consolidate debug logging across tools with shared DebugSession class
2026-02-21 03:53:24 -08:00
delegate_tool.py
fix: report subagent status as completed when summary exists (#3829)
2026-03-29 18:21:36 -07:00
env_passthrough.py
feat: env var passthrough for skills and user config (#2807)
2026-03-24 08:19:34 -07:00
file_operations.py
security: fix path traversal vulnerability (CVSS 9.1)
2026-03-30 23:17:09 +00:00
file_tools.py
security: harden dangerous command detection and add file tool path guards (#3872)
2026-03-29 22:33:47 -07:00
fuzzy_match.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
gitea_client.py
feat: add sovereign Gitea client tool
2026-03-30 22:19:26 +00:00
graph_store.py
feat: add sovereign Graph Store tool
2026-03-30 22:28:56 +00:00
homeassistant_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
honcho_tools.py
fix(banner): show honcho tools as available when configured (#3810)
2026-03-29 15:55:05 -07:00
image_generation_tool.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
interrupt.py
security: fix race condition in interrupt propagation (V-007)
2026-03-30 23:47:04 +00:00
mcp_oauth.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
mcp_tool.py
feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812)
2026-03-29 15:52:54 -07:00
memory_tool.py
fix: cap percentage displays at 100% in stats, gateway, and memory tool (#3599)
2026-03-28 14:55:18 -07:00
mixture_of_agents_tool.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
neutts_synth.py
fix(tts): document NeuTTS provider and align install guidance (#1903)
2026-03-18 02:55:30 -07:00
openrouter_client.py
refactor: route ad-hoc LLM consumers through centralized provider router
2026-03-11 20:02:36 -07:00
patch_parser.py
fix: handle addition-only hunks in V4A patch parser (#3325)
2026-03-26 19:38:04 -07:00
process_registry.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
registry.py
feat(mcp): dynamic tool discovery via notifications/tools/list_changed (#3812)
2026-03-29 15:52:54 -07:00
rl_training_tool.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
send_message_tool.py
feat(gateway): add WeCom (Enterprise WeChat) platform support (#3847)
2026-03-29 21:29:13 -07:00
session_search_tool.py
fix: session_search fallback preview on summarization failure (salvage #3413) (#3478)
2026-03-27 21:27:51 -07:00
skill_manager_tool.py
fix(skills): block category path traversal in skill manager (#3844)
2026-03-29 20:08:22 -07:00
skills_guard.py
fix: guard aux LLM calls against None content + reasoning fallback + retry (salvage #3389) (#3449)
2026-03-27 15:28:19 -07:00
skills_hub.py
feat(skills): add garrytan/gstack as default Skills Hub tap (#3605)
2026-03-28 14:55:49 -07:00
skills_sync.py
refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
2026-03-25 15:54:28 -07:00
skills_tool.py
feat(skills): support external skill directories via config (#3678)
2026-03-29 00:33:30 -07:00
terminal_tool.py
security: fix race condition in interrupt propagation (V-007)
2026-03-30 23:47:04 +00:00
tirith_security.py
chore: fix 154 f-strings, simplify getattr/URL patterns, remove dead code (#3119)
2026-03-25 19:47:58 -07:00
todo_tool.py
feat(tools): centralize tool emoji metadata in registry + skin integration
2026-03-15 20:21:21 -07:00
transcription_tools.py
security: fix command injection vulnerabilities (CVSS 9.8)
2026-03-30 23:15:11 +00:00
tts_tool.py
fix: make display_hermes_home imports lazy to prevent ImportError during hermes update (#3776)
2026-03-29 15:15:17 -07:00
url_safety.py
security: add connection-level SSRF protection (CVSS 9.4)
2026-03-30 23:43:58 +00:00
vision_tools.py
fix: background task media delivery + vision download timeout (#3919)
2026-03-30 02:59:39 -07:00
voice_mode.py
chore: remove ~100 unused imports across 55 files (#3016)
2026-03-25 15:02:03 -07:00
web_tools.py
feat(web): add Exa as a web search and extract backend (#3648)
2026-03-28 17:35:53 -07:00
website_policy.py
refactor: consolidate get_hermes_home() and parse_reasoning_effort() (#3062)
2026-03-25 15:54:28 -07:00