Hermes Agent — Zero to Personal AI Assistant (Nate Herk 1-Hour Course)

Source: Hermes Agent — Zero to Personal AI Assistant 1 Hour Course (Nate Herk, YouTube, May 2026) + companion AIS+ Resource Guide PDF (raw/Hermes_Agent_From_Zero_to_Your_Own_Personal_AI_Assistant.pdf, 12 pages, AI Automation Society)

Nate Herk’s hour-long zero-to-running walkthrough of Hermes Agent — Nous Research’s open-source MIT-licensed self-improving AI agent (140k+ GitHub stars, fastest-growing open-source agent project at fetch). Covers the five-pillar mental model (memory / skills / soul / crons / self-improving loop), one-click Hostinger VPS setup with the Docker route, OpenAI Codex authentication via ChatGPT-subscription OAuth (no API keys), Telegram channel wiring, the Cloud-Code-as-VPS-manager pattern, live cron-creation demo, multi-agent architecture decision tree, and operator hygiene (least-privilege API keys, separate Gmail per agent, stale-memory debugging). Sister course to Nate’s Claude Code AIOS masterclass — same operator, different surface (Hermes is the on-the-go counterpart to Claude Code’s daily-driver desk surface).

Key Takeaways

• Hermes-vs-Claude-Code-vs-OpenClaw mental model. Nate’s three-way framing:

  • Claude Code = daily driver, 90% of knowledge work, sit-down at desk surface.
  • OpenClaw (350k+ stars, Peter Steinberger’s project before joining OpenAI; NemoClaw is Nvidia’s enterprise build on top) = on-the-go agent surface, larger team, frequent updates that occasionally break.
  • Hermes (140k stars, Nous Research) = lighter, faster, focused on self-improvement; more stable than OpenClaw in Nate’s experience; explicitly built for users who want to tinker with open-source models (Qwen, Llama). On-the-go same-class as OpenClaw.
  • Composing them: all coding agents work in a directory → that directory should be a GitHub repo → drop any agent on top of the same repo. Slight terminology differences (CLAUDE.md vs agents.md vs claude.md) but each agent recognizes its own conventions.

• Out-of-the-box Hermes capabilities (zero skill installs needed): voice mode (replies with audio + text), Excalidraw diagram generation, transcription, vision analysis of generated artifacts. 684 total skills in the ecosystem; 91 built-in; 520+ community skills in the Skills Hub (16 are Anthropic-official — canvas-design, frontend-design, skill-creator, etc — directly installable into Hermes).

• The Five Pillars (Hermes’ own self-generated Excalidraw diagrams shown in the course):

  1. Memory — small durable cross-session context. Two files: user.md (who you are, style, preferences, dislikes) + memory.md (environment, projects, business context). Both load at session start so Hermes wakes up non-stateless. Beginner nuance: durable preferences and facts → memory; old conversations → session search (SQLite-backed); never store secrets or temporary task status.
  2. Skills — procedural memory, reusable playbooks. skill.md per skill with YAML front matter so Hermes knows when to invoke it. Progressive disclosure — skills aren’t loaded until invoked. Hermes auto-extracts skills from repeated workflows. Memory = what to remember; Skill = how to do it again.
  3. Soul — soul.md shapes the assistant’s personality. “Six different Hermes agents could all have a different vibe — one concise, one rude, one whatever.” Evolves over time based on feedback. (Nate’s YouTube-comments Hermes has soul instructions to be sarcastic-but-not-rude.)
  4. Crons — turn Hermes from reactive into proactive scheduled automation. Natural-language schedule: “every morning at 6am do X.” Hermes uses tools to create the cron. At fire time it spawns a fresh isolated session (no inherited context), runs the skill, returns results to original chat. Safety nuance: cron sessions cannot recursively create more cron jobs — prompts must be self-contained. --no-agent flag runs a script-only with no agentic loop (just deploys the workflow, not the agent — same shape as the WAT framework’s “deploy workflow on Modal, not the agent”).
  5. Self-improving loop — work happens → save to memory or skill → repeat. “Automatic does not mean magic. The loop works best when the user corrects Hermes, asks it to save things to memory, and lets it create and update skills after complex work.”
  • Honorable mention: agents.md (the project-scoped context file, equivalent to Claude Code’s CLAUDE.md). More relevant when using Hermes via terminal in a coding project.

• Production crons Nate runs on his own Hermes: daily AI news briefing posted into his Skool community + YouTube comment monitoring with transcript-aware responses (the Hermes that auto-answers commenters has been live on his channel) + morning business summaries + server health checks + research reports + follow-up reminders.

• VPS setup via Hostinger (Nate’s stack since pre-Hermes — also runs his n8n, OpenClaw, Claude Code on Hostinger). KVM 2 plan recommended starter, Ubuntu 24.04 LTS. Hostinger ships one-click Hermes Agent install in their template gallery alongside n8n and NemoClaw. Nate’s annual-plan discount: code Nate Herk for 10% off. Two install paths:

  • Root install — Hermes lives at the root of the VPS. Single-tenant.
  • Docker container install (Nate’s preferred) — multi-tenant; spin up multiple Hermes/OpenClaw/Claude Code containers on the same VPS, each isolated with its own keys, memory, tools. Nate uses the office-building analogy: VPS = building, container = office, agent = employee.

• The Cloud-Code-as-VPS-manager pattern (Nate’s strongest opinion). Create a Claude Code project specifically to manage your VPS agents. One subfolder per agent (bull = trading bot, main-hermes = personal, upit-os = work, klaus = personal assistant), each holds its own .env with admin user/password, its own integration notes, security config, and IP. Why: when Hermes breaks during a random terminal command, Claude Code helps boot it back up and you don’t have to remember which password is for which VPS. Treats VPS infrastructure as a managed AI project, not a manually-tracked secrets pile.

• OpenAI Codex authentication = the cheapest non-open-source option. Sign Hermes in via your ChatGPT subscription ($20/$100/$200) — no per-token API key spend. Flow: quick setup → choose OpenAI Codex → URL appears → sign in to ChatGPT in browser → 9-digit code → paste back into terminal → fully signed in → choose model (GPT-5.5).

• Telegram channel setup walkthrough — /newbot to BotFather → name → username (must end bot) → copy token → paste into Hermes setup terminal → @userinfobot for your own user ID → home channel set. Hermes also supports Discord, Slack, WhatsApp, iMessage, terminal — Nate uses Telegram primarily.

• Live cron-creation demo: Nate asks his Hermes via natural language to mirror its assistant state to a GitHub repo at midnight Chicago time. Hermes:

  1. Detects that the container runs in UTC and a fixed-UTC time would break during daylight savings.
  2. Self-decides to schedule hourly with self-checked Central time instead — runs only at midnight Chicago.
  3. Writes the skill (nightly-github-sync).
  4. Calls cron-job-create and cron-job-list tools to register and verify.
  5. Updates memory.md with the new automation. This is the “natural language → Hermes designs around timezone gotcha → installs skill → schedules → updates memory” demo — concrete instance of the five pillars composing.

• Hyperframes-from-Hermes demo: Nate asks Hermes to install the Hyperframes skill and generate a 5-second self-introduction video based on Hermes’ own soul.md. Hermes installs the skill from URL, reads its own soul file (which it had been auto-populating during the session), and outputs a 5-second video — “Helpful, knowledgeable, direct. Think, build, research, automate. Nate, I’m your action engine. I turn messy goals into finished actions.” Worked as a one-shot end-to-end skill chain demo.

• Operator hygiene principles (Nate’s “treat Hermes like an intern” rule):

  • Separate accounts per agent — dedicated Gmail/AgentMail per Hermes, not your personal email.
  • Named API keys per agent — OpenRouter, Perplexity, etc — so you can see which Hermes spent which money.
  • Least-privilege rule — marketing Hermes doesn’t need QuickBooks read; finance Hermes does.
  • .env file is gitignored — secrets never committed even though the management repo is private.
  • Lock down the VPS firewall — Nate explicitly delegates this research to Hermes itself (“I asked Hermes and Claude Code to research my VPS environment and help me lock it down”). Build a recurring skill that audits security weekly.

• Multi-agent decision tree (when to spin up a new Hermes vs keep one mega-agent):

  1. Different permissions / secrets / tools needed? → new agent.
  2. Different long-term memory needed? → new agent.
  3. Ongoing repeated work? → new agent.
  4. One-off task? → keep in main personal Hermes.
  • Anti-pattern: mega-agent with all keys + all skills + all crons → high confusion + high blast-radius if compromised.
  • Better pattern: segment by vertical (marketing, finance, support, executive-assistant) or by social-media platform.
  • Migration is cheap because everything is markdown — when a finance specialty grows out of your main Hermes, copy the skills/crons/memory snippets into a new finance-Hermes container.

• Maintenance discipline — Nate’s four rules:

  1. When Hermes gets something wrong twice → correct on the spot AND update the relevant skill/memory.
  2. Same instruction asked twice → ask Hermes to write a skill for it.
  3. Hermes is too verbose / off-tone → edit the soul.
  4. When something breaks, check memory.md first. “Stale memory is the #1 cause of weird agent behavior.”
  5. New scheduled task → build a skill, then ask Hermes to schedule the cron.

• Hermes Dashboard — built-in web UI for recent sessions, connected platforms, kanban board (assign tasks across multiple Hermes agents and watch them move), keys/configs/skills/plugins. Local-only via SSH tunnel + gateway. Nate doesn’t use it much — when at his desk he’s in Claude Code, not Hermes Dashboard. First-time tunnel setup is finicky; have Hermes itself walk you through it, then save the procedure as a skill.

• Speech-to-text: Nate has switched fully from Whisper to Glideo (formerly Glido) — disclosure: he’s now an official member of the Glideo team. Faster, fully private, more agentic.

Companion Resource Guide (AIS+)

The course ships with a 12-page AIS+ resource guide PDF (AI Automation Society, by Nate Herk) that distills the video into a structured operator handbook. The PDF restates the five-pillar model and VPS setup at higher density and adds several details the video understated. Captured here so the wiki has the load-bearing parts without redistributing the PDF itself (the original lives in Nate’s free Skool community → Classroom → All YouTube Resources).

Priority #1 after onboarding: connect Hermes to a private GitHub repo

The PDF elevates this to the first thing every new Hermes agent should do, not a later optional step. Why: if the VPS gets corrupted, all skills, memory, and config still live in GitHub — spin up a new Hermes and sync.

• Tell Hermes: “Set this up as a private GitHub repo. Do research and figure out how it works.” Hermes already ships GitHub repo-management and GitHub auth skills built in.
• Hermes asks for: GitHub username, repo name, commit identity, personal access token.
• Hermes auto-creates .gitignore so secrets don’t get pushed even on private repos.
• Personal access token escalation path: try a fine-grained token with contents read/write first. If that fails (common: no permission to create repos), fall back to a classic token with full repo scope. Set expiration based on use — 30 days for testing, longer for permanent setups.

Safe API-key pattern: hermes config set (don’t paste keys into chat)

PDF makes this an explicit anti-pattern: never paste API keys directly into the Hermes chat. They live in conversation history forever.

# In Hostinger, click Open to enter the chat
# Then Ctrl+C to exit Hermes chat into the Docker shell
hermes config set GITHUB_TOKEN <paste-token-here>
# Then tell Hermes: "The new token is in the .env file as GITHUB_TOKEN."

• Saves to /opt/data/.env inside the Docker container — never the conversation log.
• Editing/deleting later: ask Hermes for the nano command to open the .env. Make sure you’re editing the .env inside the Docker container, not the root VPS .env (different files). Ctrl+O then Enter to save, Ctrl+X to exit.
• If nano isn’t installed, ask Hermes to install it or give an alternative editing command.

Permission levels in Telegram (always-allow trusted recurring actions)

When Hermes wants to run a command, Telegram asks at three levels:

• Allow once — single-call approval.
• Allow for the session — auto-approve for the rest of this conversation.
• Always allow — auto-approve for repetitive trusted actions like committing to a repo. Use for unattended cron jobs that need to run without prompts.

CLI vs Telegram: same agent, different visibility/control

Both interfaces run the functionally identical Hermes — Telegram does not run a weaker version. The difference is visibility and operator surface:

• CLI = the cockpit. Best for deep work, building, coding, “living inside the agent.” Better context-window visibility. All slash commands available. Use when sitting at your computer doing high-risk work.
• Telegram = the remote control. Best for scheduled tasks, quick check-ins, on-the-go work. Less visibility into context-window state. Auto-compaction happens under the hood as you approach token limits — you can’t see exactly when. Don’t vibe-code hardcore apps from Telegram. Use it for low-risk tasks.
• Important context note: context is token-based, not message-based. The model always sees system prompt, user.md, soul.md, etc. As you near the context-window limit, Hermes runs auto-compaction silently in Telegram — high-stakes work is riskier there.

VPS hardening — Nate’s specific firewall product

Hostinger’s built-in firewall option is what Nate uses on his VPS. Specific stack:

• Firewall product: Upguard (Hostinger ships this in their security panel).
• Lock down to your IP + block unused ports.
• Ask Hermes or Claude Code to research your environment and recommend a firewall config — they handle the un-fun research-and-document work.
• Build a nightly or weekly security-audit skill that checks for vulnerabilities. The PDF treats this as standard rather than optional.

8-item operator-grade summary (the PDF’s closing list)

The PDF’s Key Takeaways section is denser than most operator guides and worth lifting verbatim:

1. Hermes is best for on-the-go automation through Telegram. Claude Code stays the daily driver for desk-bound knowledge work. Don’t conflate them.
2. The five pillars (Memory, Skills, Soul, Crons, Self-Improving Loop) are the mental model for everything Hermes does.
3. Use the Hostinger one-click Docker install on Ubuntu 24.04 LTS. Code NATEHURK (PDF’s spelling — note: the YouTube uses Nate Herk; both may work in different Hostinger flows) gets 10% off annual plans.
4. Always set up a Claude Code project to track your VPS agents (passwords, IPs, configs). It pays off the first time something breaks.
5. First thing after onboarding: connect Hermes to a private GitHub repo and set a daily backup cron.
6. Never paste API keys into chat. Use hermes config set KEY_NAME <value> from inside the Docker container.
7. Treat each Hermes like a new hire: principle of least privilege, named API keys per agent, separate accounts where possible.
8. Stale memory.md is the #1 cause of weird agent behavior. Check it first when things go sideways.

Where the PDF and YouTube diverge

• GitHub-first workflow is implicit in the YouTube (Nate’s live cron demo is the GitHub-mirror cron) but explicit and prioritized in the PDF. The PDF is more prescriptive about ordering.
• hermes config set pattern is shown briefly in the YouTube but the PDF makes it the canonical anti-pattern-avoidance for API keys.
• CLI vs Telegram framing is structured in the PDF; in the YouTube Nate threads it across multiple tangents.
• YouTube has the live demos (cron creation with daylight-savings self-correction, the hyperframes-from-Hermes self-introduction skill chain) — those don’t appear in the PDF at all.
• Discount code spelling discrepancy: YouTube says Nate Herk (with space), PDF says NATEHURK (run-together). Verify in the Hostinger checkout flow which form Hostinger accepts.

Where it fits in the wiki

• Operator-track companion to Nate’s Claude Code AIOS masterclass — same operator, the cross-product reference for how he composes Claude Code (desk) + Hermes (on-the-go) + VPS infrastructure into one personal system.
• The Cloud-Code-as-VPS-manager pattern is the load-bearing operator insight — a Claude Code project tracks every VPS agent’s password/env/IP/integration notes, transforming infrastructure ops into a manageable AI project. Direct extension of the nine-component Agentic OS thesis (“an Agentic OS is just clever context management”).
• Five Pillars formalize the Hermes mental model — memory + skills + soul + crons + self-improving loop is the canonical decomposition. Maps cleanly onto Claude Code’s primitives but with an explicit soul.md for personality (no Claude Code equivalent).
• The Hostinger one-click install is the lowest-friction Hermes onboarding to date — reduces the “I need to learn SSH and Docker first” barrier that used to be the gating step for non-developers.

Implementation

• Tool/Service: Hermes Agent (Nous Research, MIT, 140k+ GitHub stars).
• Infrastructure: Hostinger VPS (KVM 2 starter, Ubuntu 24.04 LTS) + Docker (one-click install).
• Auth: OpenAI Codex via ChatGPT subscription OAuth ($20/100/200) — cheapest non-open-source path.
• Channels: Telegram (Nate’s primary), Discord, Slack, WhatsApp, iMessage.
• Cost: ~$100/yr Hostinger (annual KVM 2) + ChatGPT subscription. Code Nate Herk = 10% off Hostinger annual.
• Resource guide: Nate’s free Skool community → Classroom → All YouTube Resources (link in video description). Includes every doc, skill, GitHub repo, full setup guide.

Open Questions

• Skill installation safety — when Hermes auto-installs a skill from a URL the user pasted, what’s the trust model? No mention of skill signing or sandbox isolation in this course.
• Open-source-model integration depth — Nate says Hermes was built for tinkering with Qwen/Llama and wants to start experimenting, but didn’t demo it. Are there setup gotchas? Ollama integration? Cost comparison vs Codex?
• NemoClaw boundary — Hermes vs OpenClaw vs NemoClaw vs Claude Code vs Codex is partially covered, but where Nvidia’s NemoClaw enterprise stack fits (vs OpenClaw’s open-source base) was a brief mention only.
• Cron quotas / billing — fresh isolated session per fire is the architecture; what’s the practical cost? Nate’s 8+ daily crons against a Codex-OAuth’d Hermes — what does that bill out to monthly?
• Multi-Hermes inter-agent communication — Nate mentions delegation between Hermes agents (“your main Hermes / executive assistant figures out delegation”) but doesn’t show the protocol. Is this just “main Hermes calls finance Hermes via API” or is there a built-in mailbox?
• Backup strategy — daily auto-backups available on Hostinger plans; does Hermes ship its own state-export skill, or is the user responsible for backing up Docker volumes + GitHub-mirroring memory/skills/soul?

Try It

1. Watch the talk (YouTube gb5TlGw6Uks) — pacing is operator-friendly; cron-creation demo is the visceral hook.
2. Provision the VPS via Hostinger with code Nate Herk (10% off annual). KVM 2 + Ubuntu 24.04 LTS + Docker + one-click Hermes install template.
3. Set up the Cloud-Code-as-VPS-manager project FIRST — mkdir vps-agents, claude in there. Have Claude Code track this VPS’s IP, root password, admin password, env vars from minute one. Don’t rely on memory.
4. Authenticate Hermes via ChatGPT OAuth (cheapest path) — choose OpenAI Codex, paste 9-digit code, pick GPT-5.5.
5. Wire Telegram — /newbot to BotFather, copy token, get user ID from @userinfobot. Default home channel.
6. Run the GitHub-mirror cron experiment — ask Hermes in natural language: “Set up a cron to mirror your assistant state to GitHub at midnight Chicago time.” Watch it self-detect timezone gotcha and install the hourly self-checked variant.
7. Apply the four maintenance rules from day one — twice-wrong → update skill; twice-asked → ask Hermes to write the skill; off-tone → edit soul.md; weird behavior → check memory.md first.
8. Don’t spin up agent #2 until the decision tree clears it — most people only need one personal Hermes for months.

Related

• Hermes Agent topic index (most internal articles migrated to the WEOmarketly internal vault)
• Nate Herk Claude Code Operating Systems course — the desk-surface AIOS counterpart
• Simon Scrapes nine-component Agentic OS — convergent agent-OS architecture, Claude-Code-side
• 2026 Claude Code AIOS Pattern — synthesis of three independent practitioners converging on the same architecture
• OpenClaw on Rabbit R1 — voice-controlled OpenClaw fleet from R1 hardware
• Crabbox — short-lived Linux box per OpenClaw agent run; the on-demand counterpart to a long-lived VPS
• Printing Press — agent-designed CLI factory; same author (Nate Herk) tutorial endorses CLI-tier-1 over MCP
• HeyGen Hyperframes — the skill bundle used in Nate’s Hermes self-introduction demo