Turn Hermes Agent into the first **universal skills client** — not locked to any single ecosystem, but capable of pulling skills from ClawHub, GitHub, Claude Code plugin marketplaces, the Codex skills catalog, LobeHub, AI Skill Store, Vercel skills.sh, local directories, and eventually a Nous-hosted registry. Think of it like how Homebrew taps work: multiple sources, one interface, local-first with optional remotes.
The key insight: there is now an **official open standard** for agent skills at [agentskills.io](https://agentskills.io/specification), jointly adopted by OpenAI (Codex), Anthropic (Claude Code), Cursor, Cline, OpenCode, Pi, and 35+ other agents. The format is essentially identical to what Hermes already uses (SKILL.md + supporting files). We should fully adopt this standard and build a **polyglot skills client** that treats all of these as valid sources, with a security-first approach that none of the existing registries have nailed.
---
## Ecosystem Landscape (Research Summary, Feb 2026)
### The Open Standard: agentskills.io
Published by OpenAI in Dec 2025, now adopted across the ecosystem. Spec lives at [agentskills.io/specification](https://agentskills.io/specification). Key points:
1.**ClawHavoc (Feb 2026):** 341 malicious skills found on ClawHub. 335 from a single coordinated campaign. Exfiltrated env vars, installed Atomic Stealer malware.
2.**Cisco research:** 26% of 31,000 publicly available skills contained suspicious patterns.
3.**Bitsight report:** Exposed OpenClaw instances with terminal access are a top security risk.
def source_id(self) -> str # e.g. "clawhub", "github", "nous"
```
### Source 1: ClawHub Adapter
ClawHub's backend is Convex with HTTP actions. Rather than depending on their npm CLI, we write a lightweight Python HTTP client.
- **Search:** Hit their vector search endpoint (they use `text-embedding-3-small` + Convex vector search). Fall back to their lexical search if embeddings are unavailable.
- **Install:** Download the skill bundle (SKILL.md + supporting files) via their API. They return versioned file sets.
- **Auth:** Optional. ClawHub allows anonymous browsing/downloading. Auth (GitHub OAuth) only needed for publishing.
- **Rate limiting:** Respect their per-IP/day dedup. Cache search results locally for 1 hour.
The official `openai/skills` GitHub repo has tiered skills:
-`.system` — auto-installed in Codex (we could auto-import these too)
-`.curated` — vetted by OpenAI, high quality
-`.experimental` — community submissions
Codex has a built-in `$skill-installer` that uses `scripts/list-skills.py` and `scripts/install-skill-from-github.py`. We can either call these scripts directly or replicate the GitHub API calls in Python.
```python
class OpenAISkillsSource(SkillSource):
REPO = "openai/skills"
TIERS = [".curated", ".experimental"]
async def search(self, query, limit=10):
# Fetch skill index from GitHub API, filter by query
...
async def fetch(self, slug, version="latest"):
# Download specific skill dir from openai/skills repo
...
```
### Source 4: Claude Code Plugin Marketplaces
Claude Code has a distributed marketplace system. Any GitHub repo with a `.claude-plugin/marketplace.json` is a marketplace. The schema supports GitHub repos, Git URLs, npm packages, and pip packages as plugin sources.
This is powerful because there are already 2,748+ marketplace repos. We could:
- Index the known marketplaces from claudemarketplaces.com
- Parse their `marketplace.json` to discover available skills
- Download skills from the source repos they point to
LobeHub has 14,500+ skills with a web interface. If they have an API, we can search it:
```python
class LobeHubSource(SkillSource):
BASE_URL = "https://lobehub.com"
# Search their marketplace API for skills
...
```
### Source 6: Vercel skills.sh / npx skills
Vercel's `npx skills` CLI is already a universal installer that works across 35+ agents. Rather than competing with it, we could leverage it as a fallback source — or at minimum, ensure our install paths are compatible so `npx skills add` also works with Hermes.
Key insight: `npx skills add owner/repo` detects installed agents and places skills in the right directories. If we register Hermes's skill path convention, any skills.sh-compatible repo just works.
### Source 7: Raw URL / Local Path
Allow installing from any URL pointing to a git repo or tarball containing a SKILL.md:
A Nous Research-hosted registry with curated, security-audited skills specifically tested with Hermes. This would be the "blessed" source. Differentiation:
- Every skill tested against Hermes Agent specifically (not just OpenClaw)
- Security audit by Nous team before listing
- Skills can declare Hermes-specific features (tool dependencies, required env vars, min agent version)
- Community submissions via PR, reviewed by maintainers
---
## Part 2: Skills Guard (Security Layer)
This is where we differentiate hard from ClawHub's weak security posture. Every skill goes through a pipeline before it touches the live skills/ directory.
"description": "Install a skill from an online registry into the local skills directory. Runs security scanning before installation. Requires user confirmation for community-sourced skills.",
"parameters": {
"slug": {"type": "string", "description": "Skill slug or GitHub URL"},
"source": {"type": "string", "default": "auto"},
"category": {"type": "string", "description": "Category folder to install into"}
}
}
```
### Workflow Example
User: "I need to work with Kubernetes deployments"
On install, we parse any of these formats and ensure the SKILL.md works with Hermes's existing `_parse_frontmatter()`. The normalizer:
1.**OpenClaw metadata extraction:**
-`metadata.openclaw.requires.env` → adds to Hermes `compatibility` field
-`metadata.openclaw.requires.bins` → adds to `compatibility` field
-`metadata.openclaw.install` → logged in lock.json for reference, not used by Hermes
-`metadata.openclaw.emoji` → preserved in metadata, could use in skills_list display
2.**Codex metadata extraction:**
-`metadata.short-description` → stored as-is (Hermes can use for compact display)
-`agents/openai.yaml` → if present, extract tool dependencies into `compatibility`
-`policy.allow_implicit_invocation` → could map to a Hermes "auto-load" vs "on-demand" setting
3.**Universal handling:**
- Preserves all frontmatter fields (Hermes ignores unknown ones gracefully)
- Checks for agent-specific instructions (e.g., "run `clawhub update`", "use $skill-installer") and adds a note
- Adds a `source` field to frontmatter for tracking origin
- Validates against agentskills.io spec constraints (name length, description length)
-`_parse_frontmatter()` in skills_tool.py already handles this — no changes needed for reading
4.**Important: DO NOT modify downloaded SKILL.md files.**
Store normalization metadata in the lock file instead. This preserves the original skill for updates/diffing and avoids breaking skills that reference their own frontmatter.
---
## Part 7: File Structure (New Files)
```
Hermes-Agent/
├── tools/
│ ├── skills_tool.py # Existing — no changes needed
│ ├── skills_hub_tool.py # NEW — agent-facing search/install tools
This makes Hermes a first-class citizen in the broader agent skills ecosystem rather than just a consumer.
### 6. npx skills Compatibility
Register Hermes as a supported agent in the Vercel skills.sh ecosystem. This means anyone running `npx skills add owner/repo` will see Hermes as an install target alongside Claude Code, Codex, Cursor, etc. The table would look like:
This is probably a PR to vercel-labs/skills — they already support 35+ agents and seem welcoming.
### 7. Marketplace.json for Hermes Skills
Create a `.claude-plugin/marketplace.json` in the Hermes-Agent repo so Hermes's built-in skills (axolotl, vllm, etc.) are installable by Claude Code users too:
```json
{
"name": "hermes-mlops-skills",
"owner": { "name": "Nous Research" },
"plugins": [
{"name": "axolotl", "source": "./skills/mlops/axolotl", "description": "Fine-tuning with Axolotl"},
This is zero-effort marketing — anyone who runs `/plugin marketplace add NousResearch/Hermes-Agent` in Claude Code gets access to our curated ML skills.
### 8. Trust-Aware Skill Loading
When the agent loads an external skill, prepend a trust context note:
```
[This skill was installed from ClawHub (verified, scanned 2026-02-17).
Trust level: verified. It requires env vars: GITHUB_TOKEN.]
```
This lets the model make informed decisions about how much to trust the skill's instructions, especially important given the prompt injection attacks seen in the wild.
---
## Open Questions
1.**Node.js dependency?** ClawHub CLI is npm-based. Do we vendor it or rewrite the HTTP client in Python?
- Recommendation: Pure Python with httpx. Avoid forcing Node on users.
- Update: The `npx skills` CLI from Vercel is also npm-based but designed as `npx` (no global install needed). Could use it as optional enhancer.
2.**Default taps?** Should we ship with ClawHub and awesome-openclaw-skills enabled by default, or require explicit opt-in?
- Recommendation: Ship with them as available but not auto-searched. First `hermes skills search` prompts to enable.
- Update: Consider shipping with `openai/skills` and `anthropics/skills` as defaults — these are the official repos with higher trust.
3.**Auto-install?** Should the agent be able to install skills without user confirmation?
- Recommendation: Never for community sources. Verified/trusted sources could have an "auto-install" config flag, default off.
4.**Skill conflicts?** What if a hub skill has the same name as a builtin?
- Recommendation: Builtins always win. Hub skills get namespaced: `hub/skill-name` if conflict detected.
- Note: Codex handles this with scope priority (REPO > USER > ADMIN > SYSTEM). We could adopt similar precedence.
5.**Disk space?** 3,000+ skills on ClawHub, 14,500+ on LobeHub. Users won't install all of them, but should we cache search results or skill indices?
- Recommendation: Cache search results for 1 hour. Don't pre-download indices. Skills are small (mostly markdown), disk isn't a real concern.
6.**agentskills.io compliance vs Hermes extensions?** Our `tags` and `related_skills` fields aren't in the standard.
- Recommendation: Keep them. The spec explicitly allows `metadata` for extensions. Move them under `metadata.hermes.tags` and `metadata.hermes.related_skills` for new skills, keep backward compat for existing ones.
7.**Which registries to prioritize?** There are now 8+ potential sources.
- Recommendation for MVP: GitHub adapter only (covers openai/skills, anthropics/skills, awesome lists, any repo). This one adapter handles 80% of use cases. Add ClawHub API in Phase 2.
8.**Security scanning dependency?** Should we integrate AgentVerus, build our own, or both?
- Recommendation: Start with our own lightweight `skills_guard.py` (regex patterns). Optionally invoke AgentVerus if installed. Don't make it a hard dependency.
