Hermes Memory and Skill System
Advisory
Audited by VirusTotal on Apr 23, 2026.
Overview
Type: OpenClaw Skill
Name: hermes-memory-system
Version: 1.0.0
The Hermes Memory System bundle is a legitimate utility designed to provide cross-session memory and automated skill generation for OpenClaw agents. The deployment scripts (deploy.sh) and test scripts (start_acceptance_tests.sh) perform standard file operations, directory setup, and local environment validation within the user's workspace. While the configuration files (hermes.yaml) contain some hardcoded local paths, there is no evidence of data exfiltration, unauthorized network activity, or malicious prompt injection within the SKILL.md instructions.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Conversations or task details may be saved across sessions and reused later, which can expose private context if the workspace is shared or compromised.
The skill is configured to automatically persist and later reuse conversation memory, and the main config does not encrypt sensitive data by default.
auto_sync: true ... memory_file: "{{ memory.workspace_dir }}/MEMORY.md" ... prefetch_enabled: true ... encrypt_sensitive_data: false
Use it only where persistent memory is desired; review memory files, configure retention, enable encryption where available, and avoid storing secrets in conversations.
Task traces can include operational details, and approved generated skills may change future agent behavior.
The skill records agent activity and can generate reusable skills, but default production behavior requires approval and does not auto-install generated skills.
auto_record: true ... record_tool_calls: true ... record_file_operations: true ... require_approval: true ... auto_install: false
Keep `require_approval: true` and `auto_install: false` for normal use, and review generated skills and trajectory logs before approving them.
Users who follow manual installation may execute code or dependencies that are not fully represented in the provided artifact set.
Manual installation relies on external source code, an unpinned dependency, and a shell deployment script outside the ClawHub install mechanism.
git clone https://github.com/openclaw/hermes-agent-skill.git ... pip install pyyaml ... ./scripts/deploy.sh --workspace ~/.openclaw/workspace --environment production
Verify the repository source, inspect scripts before running them, pin dependency versions, and prefer a reviewed install package when available.
If users enable external embedding providers, API keys and memory-derived text may be involved in provider calls.
The configuration supports optional provider credentials for embeddings, though the default setting disables that integration and no secret is hardcoded.
use_embedding: false ... embedding_provider: "word_overlap" # word_overlap, openai, ollama ... embedding_api_key: ""
Only enable external providers intentionally, use environment variables or a secret manager for keys, and choose least-privilege credentials.
