Hermes Agent's skill trust model is a four-repo allowlist
So far I've only been running openclaw agents and had a steep learning curve. "self-improvement" became a very attractive term on this journey. So I took a dive into Hermes Agent, the self-improving agent runtime from Nous Research. One of the first things I wanted to understand was a risk: what actually happens when you install a community skill? Skills are code and instructions that the agent will execute, and Hermes pulls them from an open ecosystem. So I read the install path in the source - instead of blindly trusting the docs. What I found is better than I expected in one way and structurally limited in another. What Hermes already has on board Hermes does not install external skills blindly. Every externally-sourced skill goes through a real gate before it lands on disk. In hermes_cli/skills_hub.py , the install flow is: fetch → quarantine → scan → policy decision → install or block-and-audit. The scan lives in tools/skills_guard.py and runs regex-based static analysis for known-bad patterns: secret exfiltration ( curl interpolating $API_KEY / $TOKEN / $SECRET ), reads of credential stores ( ~/.ssh , ~/.aws , ~/.gnupg , ~/.kube , and Hermes's own ~/.hermes/.env ), destructive commands, persistence, and obfuscation. If the scan blocks an install, the quarantined copy is deleted and the event is written to an audit log. This is more than most agent tooling ships with. If you remember the wave of malicious skills that hit competing ecosystems, a chunk of that class of attack would be caught here before anything ran. Someone thought about this. The part that doesn't scale imo The scanner produces a verdict — safe , caution , or dangerous . That verdict is then combined with a trust level to decide whether to install. The trust levels and their policies look like this: INSTALL_POLICY = { # safe caution dangerous " builtin " : ( " allow " , " allow " , " allow " ), " trusted " : ( " allow " , " allow " , " block " ), " community " : ( " allow " , " block " , " bloc