Why Hermes

Why we offer Hermes, not OpenClaw

OpenClaw is the most-starred software project on GitHub — ever. So why did we build Store4Agent on Hermes Agent instead?

Published May 21, 2026 · 8 min read

The short answer: for a managed servicethat holds real people's conversations, files, and integrations, the tradeoffs land differently than they do for a solo developer self-hosting on their own machine. Security posture, privacy defaults, and how the agent personalizes over time all shift in importance. We'll walk through each factor below.

This is not a hit piece on OpenClaw. It is a genuinely remarkable project — the fastest repository to reach GitHub's all-time star record. But remarkable popularity and the right foundation for a multi-tenant service are different things, and we think you deserve a straight explanation of why we made the call we did.

What are these two frameworks?

Both OpenClaw and Hermes Agent are open-source AI agent frameworks released in 2026. Both let you connect large language models to tools, messaging platforms, and real-world actions. Beyond that surface similarity, they are built around fundamentally different ideas.

OpenClaw is a gateway platform. Its core is a long-running daemon that sits between your messaging apps (Telegram, Discord, WhatsApp, Slack, and 47 more) and an agent runtime. It has a community marketplace called ClawHub with 5,700+ pre-built skills. You install a skill, and the agent immediately gains that capability. Think of it as a very powerful router with a plugin store.

Hermes Agent is a learning-first agent, built by Nous Research — the lab behind the Hermes model series. Instead of a marketplace of pre-written skills, Hermes autonomously creates and refines its own skills from experience. Every 15 tasks, a background process called the Curator evaluates what worked, extracts reusable patterns, and writes new skill files that the agent loads for future use. The longer it runs, the sharper it gets — without you maintaining anything.

Reason 1: Security was a first-class design decision in Hermes, a retrofit in OpenClaw

This is the single most important factor for a managed service, so let's be specific.

OpenClaw had a difficult start in 2026. Five CVEs were documented before May:

CVECVSSWhat it allowed
CVE-2026-252539.1 CriticalPath-traversal in skill loader — read any file on the host, including SSH keys and API credentials
CVE-2026-258918.4 HighMCP server accepted empty Authorization headers — any local process could connect unauthenticated
CVE-2026-261027.8 HighSkills could silently overwrite the identity file — persistent privilege escalation, all API calls mirrored to attacker server
CVE-2026-247637.5 HighCommand injection via unsanitized gateway input
CVE-2026-35650HighPrompt injection could overwrite agent configuration — policy bypass and host override

Alongside these vulnerabilities, the ClawHub skill marketplace was hit by ClawHavoc — a supply-chain campaign that placed 1,184 malicious packages on the registry, compromised 23 legitimate publisher accounts, and delivered credential-stealing payloads to an estimated 15,000–25,000 installs. Microsoft, CrowdStrike, Palo Alto Unit 42, and Cisco Talos all published advisories. CrowdStrike reported a 300% increase in attacks against AI developer tools in Q1 2026, with OpenClaw as the most frequently targeted framework.

OpenClaw has patched all of the above. The team has been responsive. This is not a story about a negligent project — it's a story about a framework that grew enormously fast and had to harden reactively.

Hermes Agent took the opposite approach. Its security model was specified before launch as seven layered controls:

  1. 1
    User authorization at the gatewayAllow-lists, DM pairing with OWASP/NIST-aligned codes, rate limiting, fail-closed on timeout.
  2. 2
    Dangerous command approvalEvery destructive command confirmed manually by default. Smart mode uses a secondary LLM to assess risk. A hardline blocklist catches rm -rf /, mkfs, dd, and remote-code-execution patterns before any other layer — no override flag.
  3. 3
    Container isolationDocker with hardened flags, no privileged mode, no sensitive mounts. Singularity for HPC. Modal for serverless. Inside a container, command checks are skipped because the container is the boundary.
  4. 4
    MCP credential filteringSubprocesses receive only explicitly approved environment variables. SSRF protection and a Tirith pre-exec security scan run before every MCP invocation.
  5. 5
    Context file scanningProject files are scanned for prompt-injection patterns before processing — a direct countermeasure to CVE-2026-35650 class attacks.
  6. 6
    Cross-session isolationSessions cannot touch data from other sessions. Cron paths are hardened against path traversal (CVE-2026-25253 class).
  7. 7
    Input sanitizationWorking-directory parameters validated against allowlists. Shell injection prevented at the infrastructure level (CVE-2026-24763 class).

No publicly documented CVEs for Hermes Agent exist as of May 2026. That partly reflects the project's youth, but it also reflects a deliberate architectural discipline that is genuinely unusual in fast-moving open-source AI tooling.

For Store4Agent — a service where your credentials, conversation history, and potentially sensitive instructions live inside the agent — this asymmetry mattered enormously.

Reason 2: Your Hermes actually gets smarter over time

OpenClaw ships with 5,700+ pre-built skills. That sounds better than it is. A skill that works on day one works the same on day one hundred. The agent does not adapt to how youwork. Someone else wrote those skills; they reflect someone else's patterns.

Hermes ships with a feature called the Curator(introduced in v0.12). Every 15 tasks, a background process audits the agent's skill library: it removes skills that are no longer used, consolidates redundant ones, and extracts reusable patterns from recent task history to write new skills autonomously. No human intervention. No skill marketplace. The agent compounds your patterns into its own toolbelt.

In practice this means: a task that took three attempts in week one gets handled silently in week four because the agent built and internalized a skill for it. Your Hermes in month three is measurably different from your Hermes on day one — and the difference is specific to your usage, not a generic community average.

For a personal agent service, this is not a nice-to-have. It is the difference between renting a generic worker and developing a colleague who genuinely knows how you work.

Reason 3: No third-party SaaS layer in your data path

OpenClaw has a commercial counterpart at openclawai.io. This is completely legitimate — but it means the project has a commercial incentive to route data through a cloud service. For teams self-hosting on their own hardware, this is not a concern. For a managed service like Store4Agent, it creates a question: whose infrastructure does your data touch?

Hermes Agent is MIT-licensed with no parallel commercial SaaS. Nous Research provides models through the Nous Portal, but the agent framework itself has no commercial overlay and no telemetry that routes through a third-party platform.

When you use Store4Agent, your conversations live in an isolated container on our infrastructure (Hetzner, Germany). They do not pass through any framework vendor's cloud. Hermes's architecture makes that guarantee easier to keep.

Reason 4: Depth of personalization over breadth of channels

OpenClaw supports 50+ messaging platforms. If you need to reach users on QQ, LINE, or iMessage in addition to Telegram and Discord, OpenClaw is the only real option.

Store4Agent focuses on Telegram and Discord — the two platforms where AI agent workflows are most mature and where the majority of our users actually live. We do not need 50 channels. We need one agent that knows you deeply inside the channels you use every day.

Hermes trades channel breadth for personalization depth. Its four-layer memory system — session history, user profiling via Honcho dialectic modeling, FTS5 full-text search with LLM summarization, and procedural memory — builds an increasingly precise model of how you communicate, what your projects are, and what decisions you tend to make. OpenClaw stores user preferences in a flat Markdown file. Hermes builds a multi-dimensional understanding of you that evolves each session.

This is the kind of personalization that makes a personal agent feel personal rather than just capable.

What OpenClaw does better (to be fair)

This matters. OpenClaw has clear strengths and we do not want to oversell the comparison:

  • Time to value — npx openclaw and you are operational in minutes with thousands of pre-built skills.
  • 🌐Channel breadth — 50+ platforms including regional ones like QQ, LINE, and iMessage. Unmatched.
  • 👥Team and multi-agent operations — the gateway architecture handles multi-user, multi-channel deployments cleanly.
  • 🏪Ecosystem — 345,000+ GitHub stars, 247,000+ developers, 5,700+ skills. Community support is enormous.
  • 🔧Predictability — static skills do exactly the same thing every time. Some workflows need that.

If you want to self-host an agent across 20 different messaging platforms for your whole team with a large library of community-built integrations, OpenClaw is probably the right tool. Store4Agent is not trying to be that product.

Side-by-side summary

DimensionOpenClawHermes Agent
Core philosophyGateway / routing platformLearning-first personal agent
GitHub stars345,000+64,000+ (launched March 2026)
Security modelReactive — patched after CVEsProactive — 7 layers by design
CVEs (2026)5 CVEs, CVSS scores up to 9.1None publicly documented
Supply-chain incidentsClawHavoc (1,184 malicious packages)None documented
Skill system5,700+ pre-built ClawHub skillsAuto-generated, self-refined by the agent
Self-improvementNone — skills are staticAutonomous Curator refines skills continuously
Messaging channels50+ platformsTelegram, Discord, WhatsApp, Slack + more
DeploymentLocal / Docker / SaaSSelf-hosted only — no third-party SaaS layer
Commercial modelOpen source + openclawai.io SaaSMIT — no commercial entanglement

The bottom line

OpenClaw is an impressive piece of engineering. Its community, ecosystem, and channel coverage are unmatched. If you are a developer who wants to self-host an agent and values a large library of ready-made integrations, you should absolutely evaluate it.

We chose Hermes because the tradeoffs that matter most for a managed personal agent service — security-by-default, genuine personalization over time, and a clean data path with no commercial SaaS overlay — all land in Hermes's favor.

The agent we run for you is not just a router that sends your messages to an LLM. It is a system designed to get better the longer you use it, with a security model that was specified before the first line of production code was written. That is why it is called Hermes, and that is why we are proud to offer it.

Try Hermes for free

3-day free trial. No credit card needed to start. Your personal AI agent on Telegram and Discord, from $9/mo.

Start free trial