The Hermes Agent topic — covering the self-hosted self-improving agent framework (formerly Clawdbot, now part of the OpenClaw ecosystem) — has been migrated to a separate internal vault and is no longer publicly published. WEO-internal Hermes deployments, configs, and skill libraries live in the WEOmarketly vault. Public Hermes course material (covering the open-source product and publicly-documented setup patterns) stays in this vault.
Public Hermes course material
- Hermes Agent — Security Model (Defense-in-Depth) — Nous Research’s official seven-layer security model for self-hosted Hermes deployments: (1) dangerous command approval against a curated pattern list (
rm -rf,bash -c,curl \| sh,teeto~/.ssh, etc.), (2) container/sandbox isolation, (3) MCP-server credential scoping (each MCP subprocess sees only its declaredenvblock, not the full host env), (4) credential redaction in error messages (ghp_...,sk-...,token=, etc. →[REDACTED]), (5) website access policy, (6) user authorization on messaging channels, (7) encrypted secrets at rest (decrypted only at heartbeat). Three approval modes (manual/smart/off) configured via~/.hermes/config.yaml. Why each layer matters and what fails if it isn’t there. Operational pairing with Nate Herk’s course — platform-side defenses + operator-side discipline together close the security loop. - Hermes Agent — User Stories and Use Cases — Community-curated catalog from Hermes’ official docs across five categories: Privacy & Self-Hosted (Tailscale serve for secure remote access without exposed ports), Business Ops (Google Slides, Hunter.io for sales outreach, live inventory tracking, AgentMail email-inbox via MCP), Integrations (JMAP for Fastmail), Personal Assistant (Google Tasks), Meta & Ecosystem (OpenClaw → Hermes shadow-mode migration, real cutover testimonials). Three operational patterns surface from the catalog: (1) Hermes’ value prop is stateful business agent, not coding agent — multi-day session continuity matters more than raw code-gen speed; (2) MCP is the integration substrate — every new integration ships as MCP server or skill wrapping one; (3) OpenClaw → Hermes migration is a real, documented path. Useful as roadmap signal and deployment-pattern map.
- Hermes Agent — Zero to Personal AI Assistant (Nate Herk 1-Hour Course) — May 2026 YouTube walkthrough by Nate Herk. Covers the five-pillar mental model (memory / skills / soul / crons / self-improving loop), Hostinger one-click VPS setup with the Docker route (KVM 2 plan, code
Nate Herkfor 10% off annual), OpenAI Codex authentication via ChatGPT subscription OAuth (cheapest non-open-source path), Telegram channel wiring through BotFather, the Cloud-Code-as-VPS-manager pattern (one Claude Code project tracks all VPS agents’ passwords/env/IPs/integration notes), live cron-creation demo where Hermes self-detects a daylight-savings gotcha and installs an hourly self-checked variant, multi-agent decision tree (when to spin up a new Hermes vs keep one mega-agent), and operator hygiene (least-privilege API keys, separate Gmail per agent, stale memory is the #1 cause of weird agent behavior). Sister course to Nate’s Claude Code AIOS masterclass — same operator, on-the-go surface vs desk surface.
OpenClaw-related public articles in this wiki
- OpenClaw on Rabbit R1 — voice-controlling a cloud OpenClaw agent fleet from R1 hardware
- Crabbox — Remote Testbox for OpenClaw Maintainers and AI Agents — short-lived Linux box per agent run, native OpenClaw plugin
- Printing Press — Agent-Designed CLI Factory — generates Claude Code skills + OpenClaw skills + MCP servers + Go CLIs from one spec; Peter Steinberger’s discrawl + gogcli playbook acknowledged
- TinyFish — web infra APIs that integrate with OpenClaw
- oh-my-claudecode — forwards session events to OpenClaw
For end-to-end agent infrastructure context, see Agents & Agentic Systems.