Hermes AI Assistant Skills for Real Production Setups

Hermes AI assistant, officially documented as Hermes Agent, is not positioned as a simple chat wrapper.

For installation, provider setup, tool sandboxing, and gateway configuration, see the Hermes AI Assistant guide. This article focuses on the skills and profile architecture that determines how Hermes behaves once it is running.

The official docs and repository describe a self-improving agent with a built-in learning loop that creates skills from experience, improves them during use, persists knowledge across sessions, and runs on anything from a low-cost VPS to cloud sandboxes.

In April, 2026, the public GitHub repository shows about 94.6k stars, 13.2k forks, and a latest release tagged v0.10.0 on April 16, 2026. That is enough activity to call the project fast-moving, well-adopted, and still operationally young at the same time.

That dual nature matters for production design. Hermes is mature enough to support real work, but dynamic enough that a messy setup will age badly. The article below treats configuration and skills as an operational architecture question, not as a feature checklist.

Why Hermes needs a profile-first architecture

Hermes skills are on-demand knowledge documents. They use progressive disclosure so the agent can see a compact skill index first and only load full skill content when needed, which keeps token use under control even when many skills are installed. Every installed skill becomes a slash command in the CLI and in messaging surfaces, and the docs explicitly position skills as the preferred extension mechanism when a capability can be expressed with instructions, shell commands, and existing tools rather than custom agent code.

The production complication is that Hermes treats skills as living state, not frozen packages. Bundled skills, hub-installed skills, and agent-created skills all live under ~/.hermes/skills/, and the docs state that the agent can modify or delete skills. The same system exposes create, patch, edit, delete, and supporting-file actions for skill management. That is powerful, but it also means one oversized “do everything” agent tends to become a procedural junk drawer.

Profiles are the answer. Hermes profiles are fully isolated environments, each with its own config.yaml, .env, SOUL.md, memories, sessions, skills, cron jobs, and state database. The CLI also turns a profile into its own command alias, so a profile called coder becomes coder chat, coder setup, coder gateway start, and so on. In practice, that makes profiles the real unit of production ownership, not the individual skill.

The production baseline

The baseline shape is surprisingly clean. Hermes stores non-secret behavior in ~/.hermes/config.yaml, secrets in ~/.hermes/.env, identity in SOUL.md, persistent facts in memories/, procedural knowledge in skills/, scheduled jobs in cron/, sessions in sessions/, and logs in logs/. The hermes config set command routes API keys into .env and everything else into config.yaml, and the documented precedence order is CLI flags first, then config.yaml, then .env, then built-in defaults. That is also the cleanest answer to the production FAQ about how secrets and config should be split.

A practical multi-profile layout usually ends up looking something like this, with one profile per responsibility rather than one profile per human:

~/.hermes/profiles/
  eng/
  research/
  ops/
  execops/
  ml/

That pattern matches how Hermes profiles are documented: each profile is its own isolated environment, and profiles can be cloned from a base configuration when common defaults are useful. The docs also note that profiles do not share memory or sessions, and that updated skills can be synced across profiles when the main installation is updated.

The next production boundary is execution. Hermes supports six terminal backends - local, Docker, SSH, Modal, Daytona, and Singularity - and the security docs describe a defense-in-depth model that includes dangerous command approval, container isolation, MCP credential filtering, context file scanning, cross-session isolation, and input sanitization. In other words, the “profile first” decision answers who owns state, and the backend decision answers where risky work is allowed to happen.

Automation sits on top of that baseline. Hermes cron jobs can attach zero, one, or multiple skills, and they run in fresh agent sessions rather than inheriting the current chat. The messaging gateway is also the background process that manages sessions, runs cron, and routes results back to platforms like Telegram, Discord, Slack, WhatsApp, Email, Matrix, and others. The official MCP guide adds one more production rule that is easy to overlook: the best pattern is not to connect everything, but to expose the smallest useful surface.

The software engineering profile

The most obvious Hermes persona is the software engineer who wants the agent to behave less like a chat window and more like a repeatable repo operator. This profile usually cares about repository auth, issue triage, PR creation, code review, debugging, and plan-backed execution. In the Hermes catalogs, the core built-in skill pack is unusually coherent for that job: github-auth, github-issues, github-pr-workflow, github-code-review, code-review, plan, writing-plans, systematic-debugging, and test-driven-development. If delegation matters, Hermes also ships built-in autonomous agent skills such as codex, claude-code, opencode, and hermes-agent-spawning.

What makes that pack useful is not any single skill. It is the way the skills encode development procedure. github-pr-workflow covers the full PR lifecycle, github-issues formalizes issue operations, github-code-review and code-review make review a distinct step instead of an afterthought, and systematic-debugging keeps the agent from jumping straight to premature fixes. That also answers the practical question of which AI assistant skills matter most for coding workflows. The highest-value skills are usually the ones that lock in repo hygiene and review discipline, not the ones that promise more raw code generation.

Hermes delegation strengthens this profile further. The platform can spawn isolated child agents with their own conversation, terminal session, and toolset, and only the final summary is returned to the parent. For codebases, that is a cleaner fit than stuffing every intermediate diff, stack trace, and review note into one conversation. In production terms, the engineering profile benefits from narrow skill sets, a sandboxed backend such as Docker or SSH, and generous use of delegation when context noise starts to dominate.

The research and knowledge profile

The research profile is where Hermes starts to feel distinct from ordinary assistants. The built-in catalogs already include arxiv, duckduckgo-search, blogwatcher, llm-wiki, ocr-and-documents, obsidian, domain-intel, and ml-paper-writing, while the official optional catalog adds qmd, parallel-cli, scrapling, and a broader research tier for specialized domains. That stack covers paper search, source monitoring, OCR, local note systems, domain reconnaissance, writing, and hybrid retrieval without forcing everything into a single RAG pattern.

This profile is also the clearest place to answer the memory-versus-skills question. Hermes documentation defines memory as facts about users, projects, and preferences, while skills store procedures for how to do things. Research work needs both. Memory holds what the assistant has already learned about the domain and the reader’s preferences; skills encode repeatable procedures such as “scan arXiv, summarize new papers, and write notes into Obsidian.” That distinction matters because production research systems fail when everything is treated as memory or everything is treated as workflow. Hermes gives those concerns separate homes.

The research profile also benefits disproportionately from cron. Hermes cron jobs can explicitly load skills before execution, and the automation guides stress that scheduled prompts must be fully self-contained because they run in fresh sessions. A recurring pipeline that combines blogwatcher, arxiv, obsidian, or llm-wiki is therefore more reliable than a vague “check what changed today” job. In other words, research profiles work best when source discovery, note writing, and long-term storage are each represented by a named skill rather than hidden inside one long natural-language prompt.

The automation and operations profile

The ops profile is less glamorous and often more valuable. This is the user who wants Hermes to react to events, inspect systems, run scripted checks, route output to a channel, and do all of that without turning the host into a liability. Hermes has the right building blocks for that style of work: built-in webhook-subscriptions for event-driven activation, built-in native-mcp and mcporter for MCP-based tools, and official optional skills such as docker-management, fastmcp, cli, and 1password when the workflow expands into containers, custom MCP servers, or secret injection.

The reason this pack works is that each skill owns one boundary. webhook-subscriptions handles ingress from external systems. docker-management turns container chores into a named procedure instead of a free-form shell game. fastmcp is useful when Hermes needs to become the orchestrator around new MCP tools, and 1password keeps secret handling explicit rather than smuggled into shell history or markdown files. The official MCP guidance reinforces the same production instinct: connect the right thing with the smallest useful surface.

This profile is also the cleanest place to answer how scheduled AI workflows stay reliable. Hermes cron documentation says jobs run in fresh sessions, can attach one or more skills, and should use self-contained prompts. The cron troubleshooting guide adds that automatic firing depends on the gateway ticker rather than an ordinary CLI chat session. So the reliable pattern is straightforward even if the implementation is not: explicit skills, explicit delivery target, self-contained prompt, isolated backend, and a gateway that is actually running.

The executive operations profile

There is a quieter but very real Hermes persona that looks like a chief of staff, operations lead, or heavily overloaded founder. The relevant skills are less flashy and more office-shaped: google-workspace, notion, linear, nano-pdf, powerpoint, and the built-in himalaya email skill, plus official optional skills such as agentmail, telephony, and one-three-one-rule. That mix gives Hermes access to inbox, calendar, docs, tasks, decks, PDF cleanup, a structured communication framework, and even phone and SMS workflows where that actually matters.

The flow here is more important than the catalog. google-workspace anchors day-to-day execution. Notion and Linear prevent the assistant from becoming the task system of record. one-three-one-rule is surprisingly useful because decision support is often the hardest thing to standardize, and that skill gives Hermes a named procedure for proposals rather than generic “summarize this” behavior. nano-pdf and powerpoint are the kind of operational multipliers that look small until a team starts touching decks and PDFs every day.

Hermes messaging and voice features make this profile more practical than it first appears. The gateway can expose the agent through Slack, Telegram, Discord, WhatsApp, Email, Matrix, and several other channels, and the voice stack supports microphone input, spoken replies in messaging, and live Discord voice conversations. The docs also note that one Hermes instance can serve multiple users through allowlists and DM pairing, while bot tokens remain exclusive to a single profile. That is why a communication-heavy deployment usually benefits from at least one dedicated profile instead of sharing the same bot identity with engineering or ops.

The ML and data platform profile

Hermes is built by a research lab, and that lineage shows. The catalogs include jupyter-live-kernel for stateful notebook-style work, huggingface-hub for model and dataset operations, evaluating-llms-harness and weights-and-biases for evaluation and experiment tracking, qdrant-vector-search for production RAG storage, and a large built-in and optional MLOps tier with skills such as axolotl, fine-tuning-with-trl, modal-serverless-gpu, lambda-labs-gpu-cloud, flash-attention, tensorrt-llm, pinecone, qdrant, and nemo-curator.

What is notable here is not just breadth. It is that the skills span the whole stack from notebook iteration to data curation, evaluation, vector search, fine-tuning, and inference optimization. For an ML platform user, Hermes stops feeling like an assistant and starts feeling like a control plane that can carry procedures across the lifecycle. jupyter-live-kernel handles iterative exploration, evaluating-llms-harness and weights-and-biases formalize measurement, and the optional compute and optimization skills let Hermes talk coherently about both experimentation and deployment.

This is also the profile where restraint matters most. Because the optional MLOps catalog is so large, a production Hermes setup for ML work usually benefits from being opinionated about scope. A platform engineering profile that owns evaluation and deployment does not need every training framework installed. A research profile that owns papers and note systems does not need every vector database skill. Hermes can carry huge skill inventories, but production usefulness still comes from narrowing the active surface.

Where skills become liabilities

The strongest part of the Hermes skills system is also the place where production setups go wrong. Hermes can browse and install skills from its built-in catalog, the official optional catalog, Vercel’s skills.sh, well-known skill endpoints, direct GitHub repositories, and marketplace-style community sources. The security model distinguishes between builtin, official, trusted, and community sources, runs security scans for hub-installed skills, and allows --force only for non-dangerous policy blocks. A dangerous scan verdict stays blocked. Hermes also surfaces upstream metadata such as repository URL, weekly installs, and audit signals during inspection. That is a solid trust model, but it is not a substitute for taste.

There is also a limit to what a skill should be asked to do. Hermes documentation is explicit that skills are the preferred choice when the job can be expressed as instructions plus shell commands plus existing tools, while plugins are the more honest abstraction for custom tools, hooks, and lifecycle behavior. The plugin guide even shows how a plugin can bundle its own skill. In production, that means skills are best treated as reusable procedures, not as a forced substitute for proper tool or plugin design.

Community and support look healthy, but they do not erase change velocity. Hermes documentation points users to Discord, GitHub Discussions, Issues, and the Skills Hub, and the public repository shows frequent releases and a large contribution footprint. The operational takeaway is simple enough: updates are part of the system, not an event outside it. A real production setup assumes profiles, skills, and workflow assumptions will evolve, then uses isolation and narrow skill packs so that change stays local when it inevitably arrives.

Hermes works best when skills are treated as procedural contracts around clearly separated profiles. The moment one profile becomes the engineering agent, the research assistant, the ops worker, the inbox bot, and the ML platform all at once, the system stops compounding and starts leaking responsibilities. The clean production pattern is less about having more skills and more about giving each profile a job description it can actually keep.

This article is part of the AI Systems cluster, which covers self-hosted assistants, retrieval architecture, local LLM infrastructure, and observability.