Hermes Agent Skill
v2.1.1NousResearch Hermes Agent CLI integration. Core capabilities: - Self-improving skill system - Persistent memory (FTS5 + LLM summaries) - Sub-agent delegation...
⭐ 0· 21·0 current·0 all-time
bywill@wihy
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
Name/description claim a Hermes CLI integration and the SKILL.md + _meta.json consistently instruct calling the `hermes` CLI; required binaries/configs align with that purpose (no unrelated credentials or tools requested).
Instruction Scope
SKILL.md only instructs invoking Hermes CLI commands (run, memory, skills, status). It does not itself instruct reading arbitrary host files or requesting extra env vars. However, those Hermes commands can accept context files and cause sub-agents, browser automation, or code execution — so the runtime behavior depends on the external Hermes binary and the data you pass it.
Install Mechanism
Instruction-only skill with no install spec and no included code — lowest-risk packaging. The skill relies on an already-installed `hermes` CLI (meta.json suggests a `which hermes` check).
Credentials
The skill declares no required env vars or credentials. It does advise editing `~/.hermes/.env` to set an LLM provider key — reasonable for a CLI agent, but that means credentials live in the user's home config (outside the skill). The skill itself does not request unrelated secrets.
Persistence & Privilege
always: false and no special persistence requested. Model invocation is allowed (platform default). Be aware: allowing autonomous invocation plus Hermes' delegation/code-execution features increases the potential impact of actions Hermes is asked to perform, but that is a characteristic of the external tool rather than the skill bundle.
Scan Findings in Context
[no_scan_findings] expected: This is an instruction-only skill with no code files, so the regex-based scanner had nothing to analyze; that's expected for this packaging.
Assessment
This skill itself only runs the Hermes CLI — it does not request secrets or write files outside ~/.hermes/ — but Hermes can perform browser automation, spawn sub-agents, run code, and will use any LLM provider key you put in ~/.hermes/.env. Before installing/use: (1) verify you trust and install Hermes from the official repository URL referenced in SKILL.md; (2) review the contents of ~/.hermes/ and the .env file so you know which API keys are stored and used; (3) avoid putting high-privilege credentials in ~/.hermes/.env (use scoped or test keys); (4) consider running Hermes and this skill in a sandbox or with manual approval for sensitive operations (delegation, code execution, browser automation); (5) when in doubt, test with a non-sensitive account and inspect Hermes' behavior first.Like a lobster shell, security has layers — review code before you run it.
agentvk97fn4pkyn88v5270rdkdsdgeh84qvzjaivk97fn4pkyn88v5270rdkdsdgeh84qvzjdelegationvk97fn4pkyn88v5270rdkdsdgeh84qvzjhermesvk97fn4pkyn88v5270rdkdsdgeh84qvzjlatestvk971qncqsn2dn74e2hnfpwca6d84qhp5mcpvk97fn4pkyn88v5270rdkdsdgeh84qvzjmemoryvk97fn4pkyn88v5270rdkdsdgeh84qvzjself-improvingvk97fn4pkyn88v5270rdkdsdgeh84qvzj
License
MIT-0
Free to use, modify, and redistribute. No attribution required.