📦 Hermes
v1.0.0
Adds MiniMax OAuth authentication support to Hermes Agent. Use when integrating MiniMax OAuth into Hermes, fixing MiniMax authentication issues, or adding new OAuth functionality.
Last updated
2026/4/20
Security scan
OpenClaw
Safe
medium confidence
The skill is an instruction-only guide to add MiniMax OAuth support to the Hermes codebase; its required actions and external endpoints align with that purpose, with only minor documentation/inconsistency issues to review before applying changes.
Assessment recommendations
This skill is a how-to for editing your Hermes code to add MiniMax OAuth and appears coherent with that goal. Before applying changes: 1) Manually review and copy the exact code you will insert into auth.py/auth_commands.py/models.py — do not run unreviewed automated patches. 2) Back up the repository or work on a feature branch. 3) Confirm where access tokens and refresh tokens will be stored (credential pool, ~/.hermes/.env, or files) and ensure you are comfortable with that persistence. 4) No...
✓ Purpose and capabilities
The README-style instructions precisely describe adding OAuth support (constants, provider config, PKCE flow, CLI handlers) and only reference MiniMax endpoints and internal Hermes files. There are no unrelated credentials, binaries, or services requested that would contradict the stated purpose. Minor editorial inconsistencies exist (e.g., small name variants like hermes-cli vs hermes_cli and a troubleshooting note about MINIMAX_API_KEY that isn't declared in requires.env), but they are plausibly documentation sloppiness rather than malicious behavior.
ℹ Instruction scope
The SKILL.md tells the operator to edit local Hermes source files (auth.py, auth_commands.py, models.py), restart the agent, and run syntax checks. It references the user's ~/.hermes/.env as a troubleshooting location (MINIMAX_API_KEY) which is outside the code tree but reasonable for storing runtime config. The instructions do not direct the agent to read or exfiltrate arbitrary files or send data to endpoints other than the MiniMax endpoints described. Still, because the skill instructs modifying source and local configuration, reviewers should manually inspect the exact code changes before applying them.
✓ Install mechanism
This is instruction-only (no install spec, no code files executed by an installer). That is low-risk from an install-attack surface perspective: nothing will be downloaded or written automatically by an installer. The agent following instructions could modify files, but the skill itself does not include an automated installer or external download URL.
ℹ Credential requirements
The skill declares no required environment variables or credentials, which is consistent with an OAuth client_id and PKCE flow (no client secret required). However, the 'Common Errors' section suggests setting MINIMAX_API_KEY in ~/.hermes/.env for an invalid_api_key error; this environment hint is not declared in metadata and may be specific to some deployments. Tokens returned by the OAuth flow will be stored/pooled by the Hermes code — review where and how those tokens are persisted (e.g., credential pool, .env, or filesystem).
✓ Persistence and privileges
The skill does not request always: true and does not attempt to modify other skills or global agent configuration. It instructs editing Hermes source files in the user's codebase (normal for this purpose). There is no automated persistence or privilege escalation mechanism in the skill content itself.
Security is layered; review the code before running it.
Runtime dependencies
No special dependencies
Versions
latest v1.0.0 2026/4/20
Initial release: Add MiniMax OAuth support to Hermes Agent with PKCE + user_code flow
● Benign
Install command
Official: npx clawhub@latest install hermes-minimax-oauth
Mirror (accelerated): npx clawhub@latest install hermes-minimax-oauth --registry https://cn.longxiaskill.com