Timmy_Foundation/hermes-agent
16
0
Fork 0
Code Issues 38 Pull Requests 2 Actions 18 Packages Projects Releases Wiki Activity
Files
af9db00d24445eb53343cbfa66da3da9b33187e5
hermes-agent/new_skill_recommendations.md
Allegro 10271c6b44
Some checks failed
Supply Chain Audit / Scan PR for supply chain risks (pull_request) Failing after 25s
Details
Tests / test (pull_request) Failing after 24s
Details
Docker Build and Publish / build-and-push (pull_request) Failing after 35s
Details
security: fix command injection vulnerabilities (CVSS 9.8) 
Replace shell=True with list-based subprocess execution to prevent
command injection via malicious user input.

Changes:
- tools/transcription_tools.py: Use shlex.split() + shell=False
- tools/environments/docker.py: List-based commands with container ID validation

Fixes CVE-level vulnerability where malicious file paths or container IDs
could inject arbitrary commands.

CVSS: 9.8 (Critical)
Refs: V-001 in SECURITY_AUDIT_REPORT.md
2026-03-30 23:15:11 +00:00

372 lines
10 KiB
Markdown
Raw Blame History

# New Skill Recommendations
## Summary
Based on comprehensive analysis of the 116 existing skills across 20+ categories, the following 10 skills are recommended to fill critical gaps in the Hermes skills ecosystem.
---
## 1. stripe-integration
**Category:** `payments`
**Description:** Process payments, manage subscriptions, and handle webhooks with Stripe API
**Justification:** Payment processing is a common need for businesses, yet completely absent from current skills. Stripe is the dominant payment processor for developers.
**Required Environment Variables:**
- `STRIPE_SECRET_KEY` - API key for authentication
- `STRIPE_WEBHOOK_SECRET` - For webhook verification
**Key Features:**
- Payment Intent creation and management
- Subscription lifecycle management
- Webhook handling and verification
- Customer management
- Refund processing
- Test mode vs live mode guidance
**Related Skills:** None (new category)
**Files:**
- `SKILL.md` - Main documentation
- `references/api-cheat-sheet.md` - Common API calls
- `references/webhook-events.md` - Event type reference
- `templates/subscription-flow.py` - Complete subscription example
- `templates/payment-form.html` - Client-side integration
---
## 2. postgres-admin
**Category:** `databases`
**Description:** PostgreSQL administration, query optimization, backup/restore, and performance tuning
**Justification:** Only vector databases (Qdrant, Chroma, Pinecone, FAISS) are covered. Relational database operations are essential for most applications.
**Required Environment Variables:**
- `DATABASE_URL` - Connection string
**Key Features:**
- Connection management and pooling
- Query optimization and EXPLAIN analysis
- Index creation and management
- Backup and restore procedures
- User and permission management
- Migration strategies
- Performance monitoring
**Related Skills:** `redis-operations` (recommended below)
**Files:**
- `SKILL.md` - Core documentation
- `references/query-optimization.md` - Performance tuning guide
- `references/backup-strategies.md` - Backup methods comparison
- `scripts/schema-analyzer.py` - Schema analysis tool
- `templates/migration-template.sql`
---
## 3. redis-operations
**Category:** `databases`
**Description:** Redis caching patterns, session management, pub/sub, and data structures
**Justification:** Caching is critical for scalable applications. Redis is the most popular caching solution but completely uncovered.
**Required Environment Variables:**
- `REDIS_URL` - Connection string
**Key Features:**
- Data structure selection guide
- Caching patterns and strategies
- Session management implementation
- Pub/sub messaging patterns
- Rate limiting implementations
- Distributed locking
- Memory optimization
**Related Skills:** `postgres-admin`
**Files:**
- `SKILL.md` - Main documentation
- `references/data-structures.md` - When to use each type
- `references/caching-patterns.md` - Cache-aside, write-through, etc.
- `templates/rate-limiter.py` - Production rate limiter
- `templates/session-store.py` - Session management implementation
---
## 4. kubernetes-deploy
**Category:** `devops`
**Description:** Kubernetes deployment, service management, ingress configuration, and troubleshooting
**Justification:** Container orchestration is essential for modern deployment. While `docker-management` exists as optional, Kubernetes is the production standard.
**Required Environment Variables:**
- `KUBECONFIG` - Path to kubeconfig file
**Key Features:**
- Deployment and service creation
- ConfigMaps and Secrets management
- Ingress and TLS configuration
- Rolling updates and rollbacks
- Resource limits and HPA
- Debugging pods and logs
- Helm chart basics
**Related Skills:** `docker-management` (optional), `webhook-subscriptions`
**Files:**
- `SKILL.md` - Core documentation
- `references/kubectl-cheatsheet.md`
- `references/troubleshooting-guide.md`
- `templates/deployment.yaml` - Production-ready template
- `templates/service-ingress.yaml` - Complete service setup
---
## 5. aws-cli
**Category:** `cloud`
**Description:** AWS CLI operations for EC2, S3, RDS, Lambda, and CloudFormation
**Justification:** Only Lambda Labs and Modal are covered for cloud. AWS dominates cloud infrastructure and is essential for many workflows.
**Required Environment Variables:**
- `AWS_ACCESS_KEY_ID`
- `AWS_SECRET_ACCESS_KEY`
- `AWS_REGION`
**Key Features:**
- Authentication and profile management
- S3 bucket operations
- EC2 instance lifecycle
- RDS database management
- Lambda function deployment
- CloudFormation stack management
- IAM policy management
**Related Skills:** `lambda-labs`, `modal`, `postgres-admin` (RDS)
**Files:**
- `SKILL.md` - Main documentation
- `references/service-matrix.md` - Service selection guide
- `references/iam-policies.md` - Common policy templates
- `templates/s3-lifecycle.json`
- `scripts/cost-estimator.py`
---
## 6. react-native-build
**Category:** `mobile`
**Description:** React Native app development, build processes, and deployment to App Store/Play Store
**Justification:** Mobile development is completely absent from skills. React Native covers both iOS and Android with single codebase.
**Required Environment Variables:**
- None (but requires Xcode, Android SDK)
**Key Features:**
- Project initialization and structure
- iOS build and signing
- Android build and signing
- Environment configuration
- Navigation patterns
- State management integration
- App Store / Play Store submission
- Over-the-air updates
**Related Skills:** None (new category)
**Files:**
- `SKILL.md` - Core documentation
- `references/build-troubleshooting.md` - Common build issues
- `references/app-store-checklist.md`
- `templates/navigation-structure.js`
- `scripts/build-and-sign.sh`
---
## 7. terraform-iac
**Category:** `infrastructure`
**Description:** Infrastructure as Code with Terraform for AWS, GCP, Azure, and custom providers
**Justification:** Infrastructure management is not covered. Terraform is the standard for declarative infrastructure.
**Required Environment Variables:**
- Variable depending on provider (AWS, GCP, Azure credentials)
**Key Features:**
- Provider configuration
- Resource declaration patterns
- State management and remote backends
- Module creation and reuse
- Workspace management
- Plan and apply workflows
- Importing existing resources
- Drift detection
**Related Skills:** `aws-cli`, `kubernetes-deploy`, `webhook-subscriptions`
**Files:**
- `SKILL.md` - Main documentation
- `references/state-management.md` - State best practices
- `references/provider-matrix.md`
- `templates/aws-vpc-module.tf`
- `templates/gcp-gke-cluster.tf`
---
## 8. prometheus-monitoring
**Category:** `observability`
**Description:** Metrics collection, alerting rules, and dashboard creation with Prometheus and Grafana
**Justification:** No monitoring or observability skills exist. Critical for production operations.
**Required Environment Variables:**
- `PROMETHEUS_URL` - Prometheus server URL
- `GRAFANA_API_KEY` - For dashboard management (optional)
**Key Features:**
- Metric types and naming conventions
- PromQL query writing
- Recording and alerting rules
- Service discovery configuration
- Grafana dashboard creation
- Alertmanager configuration
- Custom exporter development
- SLO/SLI monitoring
**Related Skills:** `dogfood` (complement for self-monitoring)
**Files:**
- `SKILL.md` - Core documentation
- `references/promql-cheatsheet.md`
- `references/alerting-best-practices.md`
- `templates/alerts.yml` - Common alert rules
- `templates/dashboard.json` - Grafana dashboard
---
## 9. elasticsearch-query
**Category:** `search`
**Description:** Full-text search, aggregation queries, and index management with Elasticsearch/OpenSearch
**Justification:** Search functionality is limited to DuckDuckGo web search. Elasticsearch is essential for application search.
**Required Environment Variables:**
- `ELASTICSEARCH_URL`
- `ELASTICSEARCH_API_KEY` (optional)
**Key Features:**
- Index creation and mapping design
- Full-text search queries
- Filtering and boosting
- Aggregation queries
- Relevance tuning
- Cluster health monitoring
- Migration from previous versions
- OpenSearch compatibility
**Related Skills:** `duckduckgo-search` (complementary)
**Files:**
- `SKILL.md` - Main documentation
- `references/query-dsl-guide.md`
- `references/mapping-best-practices.md`
- `templates/search-api.py` - Python search implementation
- `templates/index-template.json`
---
## 10. figma-api
**Category:** `design`
**Description:** Figma API integration for design system management, asset export, and design tokens
**Justification:** Design integration is minimal (only Excalidraw). Figma is the dominant design tool for teams.
**Required Environment Variables:**
- `FIGMA_ACCESS_TOKEN`
- `FIGMA_FILE_KEY` (optional, can be per-request)
**Key Features:**
- Authentication and file access
- Design token extraction
- Asset export automation
- Component library management
n- Design system documentation generation
- Version history access
- Comment and collaboration API
- Webhook integration
**Related Skills:** `excalidraw` (complementary)
**Files:**
- `SKILL.md` - Core documentation
- `references/design-tokens-schema.md`
- `references/file-structure.md`
- `scripts/export-assets.py` - Asset export automation
- `templates/design-system-docs.md`
---
## Implementation Priority
### Phase 1 (High Impact, Broad Appeal)
1. **stripe-integration** - Universal business need
2. **postgres-admin** - Core infrastructure skill
3. **aws-cli** - Dominant cloud provider
### Phase 2 (Developer Productivity)
4. **redis-operations** - Common caching need
5. **react-native-build** - Mobile development gap
6. **terraform-iac** - Infrastructure management
### Phase 3 (Production Operations)
7. **kubernetes-deploy** - Container orchestration
8. **prometheus-monitoring** - Observability essential
9. **elasticsearch-query** - Application search
10. **figma-api** - Design workflow integration
---
## New Category Structure
```
skills/
├── payments/
│ └── stripe-integration/
├── databases/
│ ├── postgres-admin/
│ └── redis-operations/
├── mobile/
│ └── react-native-build/
├── infrastructure/
│ └── terraform-iac/
├── observability/
│ └── prometheus-monitoring/
└── search/
└── elasticsearch-query/
```
---
*Recommendations generated: 2024-03-30*
*Analysis based on: 116 existing skills*
Reference in New Issue View Git Blame Copy Permalink