Hermes Agent · research + fit assessment · 3 Jul 2026

Hermes Agent — what it is, what people run it for, what we'd use it for

Nous Research's open-source (MIT) self-improving agent. Descends from OpenClaw (→ Clawdbot → Moltbot → OpenClaw). Runs off your laptop on a $5 VPS or serverless, reachable from Telegram/WhatsApp, with cron, subagents, skills, memory and webhooks. Model-agnostic (can run on the Claude API).

The verdict: not a Claude Code replacement — it's the always-on brain your setup is missing. Two genuinely-new capabilities for us (an outreach engine and phone-driven fleet ops), several nice-to-haves (research digests, content assets, data-on-tap), and one hard rule: never let it touch the core fleet repos. Real security teeth mean: self-host, Claude API, vetted skills only, keys scoped.
The field

What people actually use it for

Themed from independent sources (HN, DEV, Reddit), not just Nous marketing. Confidence flags: demoed real/user-reported · community claimed · illustrative promo "you could". The project is also heavily astroturfed, so weight the flags.

ThemeReal examplesConf.
Business / sales / BILead-gen bot that closed real deals (find→contact→score). NL data gateway over BigQuery/Stripe/Amplitude via Slack for non-tech staff. Weekly MRR/churn report. Lead qualification via webhook.demoed
Research / intelligenceDaily HN/Reddit/YouTube digest → email/Telegram. Market-research "idea factory" mining Reddit+HN for complaints. arXiv reader. Self-improving wiki "second brain".demoed
Ops / monitoringSelf-healing server (cron checks Docker/disk, auto-restarts, Telegram-alerts). Incident-commander toolkits. CI loops. Broken-link monitoring.illustrative
Content creationUGC ad studio (product URL → ad copy via Meta Ads Library scraping). Research→write→thumbnail "content factory". X/Twitter autoposting (no API cost). Podcast→show-notes.community
Personal assistantWeekday inbox briefing → Slack. Family group agent (calendars + shopping list). Voice coach, journaling→Obsidian, always-on on a Pi/Mac mini.community
Coding / devMulti-agent Plan→Code→QA→Ship (different model per role). Code review that learns your prefs. Hermes-as-MCP-server for Cursor/Claude Desktop.community
Support / communityMulti-channel customer service (WhatsApp/IG/email/Reviews). Discord/Slack team assistants with per-user auth + human approval gate.illustrative
Trading / financeWeather-derivatives & Polymarket bots, earnings trackers. (Headline P&L claims least verified — treat with suspicion.)illustrative
The point

What WE'd use it for — across everything we run

Mapped to the fleet, the digital products, lead-gen and monitoring. Ranked by value we don't already have. Left-border/tag: new capability · upgrade · handle with care.

Outreach engine #1 new

The biggest untapped lever. Prospect → personalise → send → follow-up → route replies to Telegram. Sell the digital products, chase cold FundBiz/MI/MHQ leads, and run SEO mention/backlink outreach (your own research: mentions > backlinks).

agentmail · telephony (Twilio SMS + AI calls) · domain-intel · osint-investigation

Phone-driven fleet ops #2 new

Message from Telegram — "is peptideclear live?", "leads today?", "run the fleet audit" — and it executes server-side, no laptop. Cross-platform, voice-memo capable. Fixes the "I'm on my phone" gap in your rc-session workflow.

gateway (Telegram/WhatsApp) · terminal · subagents

Always-on crons (kills laptop-sleep) #3 new

Host the time-sensitive jobs off your sleeping Mac: broker lead notifications (the PENDING delay), daily questions/blogs, weekly intelligence, site-audit, fleet-reality. Never miss because the lid's shut.

cron blueprints · webhook (Supabase/Stripe/GitHub) · deliver → telegram/email

Alert → action loop upgrade

Today form-canary / FLEET_REALITY just tell you. Hermes receives the same alert and acts (or you reply "fix it"). Webhooks can watch CF deploys + GitHub events too.

webhook triggers · HMAC · deliver_only relay

Research & intelligence on a schedule upgrade

Automate exactly the Gumroad/Flippa/competitor/AI-visibility scans we just ran — deliver weekly digests to your phone. The `news-digest` cron + web tools is this out-of-the-box.

web_search (free+paid) · scrapling (CF bypass) · browser · news-digest cron

Data on tap upgrade

The proven BigQuery/Stripe pattern, but for your Supabase: "how many real leads this week, by site?" answered in Telegram — without opening the dashboard.

webhook/Supabase · code_execution (pandas) · gateway

Content & ad assets upgrade

The "UGC ad studio" pattern for the digital products: generate ad copy + creative, blog illustrations, memes. Complements our nanobanana pipeline.

image_generate (fal/openai/xai) · baoyu-article-illustrator · meme-generation

Build NEW standalone things care

Fine for new, throwaway work — product landing pages, the SEO funnel sites, micro-tools, the Etsy store (Shopify skill). NEVER the core fleet repos — two agents editing the same Astro repos is the clobbering mess FLEET_REALITY exists to prevent.

cloudflare-temporary-deploy · shopify · terminal/file · subagent-driven-dev

Grounded, not marketing

The capabilities that back this up

Read from the actual repo — the tools/skills that make the above real.

AreaWhat actually ships
Web / researchweb_search + extract with 8 backends incl. free (ddgs, brave, searxng); scrapling (Cloudflare-Turnstile bypass); domain-intel (subdomains/WHOIS/DNS, no keys); osint-investigation (EDGAR/OpenCorporates/court/news); parallel-cli (deep research, enrichment, FindAll).
BrowserStealth local browser (Camofox+CDP) + cloud (browserbase/firecrawl); navigate/click/type/scroll/vision/CDP; full computer-use.
Outreachagentmail (agent's own inbox, autonomous send/receive); built-in email platform; telephony (persistent Twilio number, SMS + AI outbound calls via Bland/Vapi).
E-commerceshopify skill — full Admin + Storefront GraphQL (products/orders/inventory/customers/metafields).
Web build + deploycloudflare-temporary-deploy (live Worker URL, 60-min throwaway); page-agent copilot; terminal/file/patch tools to author sites.
Image / contentimage_generate (fal/openai/xai/krea) + video_generate; article-illustrator, memes, concept-diagrams, pixel-art.
Automation14 cron blueprints (morning-brief, important-mail, news-digest…), deliver to telegram/discord/email; webhook triggers from GitHub/Stripe/Supabase/monitoring with HMAC; full MCP (client + can serve as MCP server); subagents.
MemoryAgent-curated persistent memory (8 backends incl. Honcho/mem0), FTS5 cross-session search + LLM recall.
Runs off-laptop6 backends: local, Docker (s6), SSH, Singularity, Modal & Daytona serverless (scale-to-zero, ~£0 idle). Hetzner $5–10 VPS is the common recipe.

Gap to note: no dedicated keyword-volume / SERP-rank tool ships in-repo — we'd wire our DataForSEO via an MCP or the web tools.

Non-negotiable

How to run it safely

This is a self-hosted messaging agent with shell access + our keys — a genuinely sensitive class. The research surfaced named CVEs and a supply-chain wave of malicious community skills. So:

Claude Code = the workshop

Build/deploy the fleet, deep work, on your Mac + your gates. Unchanged.

Hermes = the always-on foreman

A $5 VPS on the Claude API: crons, lead/broker alerts, monitors, outreach, phone-ops. Owns distinct lanes, not the repos.

The safety rules

  • Self-host only (VPS/Modal), point it at the Claude API — keep content quality ours, avoid the default Llama/Hermes model.
  • Telegram only to start; set session scope to per-peer (the default shared `main` session leaks data between users).
  • Vetted skills only. Do NOT install community "skills" — ~1,184 malicious packages were caught. Use core tools + a handful of official skills you've read.
  • Scope the keys. Give it a limited-permission Supabase/CF/Resend token set — never your master keys. Wall the fleet Astro repos off entirely.
  • Sandbox + private mesh — run in Docker with read-only root, put it behind Tailscale (no exposed ports), treat all web/email content as untrusted (prompt-injection).
Eyes open

The honest risks

Why this isn't a slam-dunk

  • Security: named CVEs (one-click RCE + token exfil), prompt-injection exfiltration, and the malicious-skill supply chain. Real, not theoretical.
  • Fragmentation: adds a third actor alongside your sessions + crons — the exact clobbering FLEET_REALITY was invented to stop. Must own separate lanes.
  • Maturity: fast, breaking changes; a release broke cron; `claw migrate` has silent-failure bugs. Research-grade, not battle-tested.
  • Credibility noise: heavy astroturfing accusations + a plagiarism dispute the maintainer reportedly handled badly. Doesn't break the tool, but temper the hype.
  • Overkill check: if all you want is "crons don't miss when the laptop sleeps," a $5 VPS running your existing Python is simpler. Hermes earns its keep only if you also want the outreach + phone-agent.
The move

Recommended pilot — one lane, one week

Don't migrate anything. Prove the two new capabilities cheaply, with the fleet walled off.