Hermes Agent vs OpenClaw: two paths to the agent that does things Link to heading

Hermes Agent represented as a technological mythological messenger faces an OpenClaw-inspired robotic claw in a neon-lit ring.

There is an important difference between a chatbot that answers questions and an agent that performs tasks.

The chatbot chats. The agent talks, remembers, calls tools, schedules routines, moves files, uses a browser, responds via message channels and, if you let it, starts to operate as a semi-autonomous layer on your computer or server.

This is where Hermes Agent and OpenClaw come in. Both are part of this new family of self-hosted personal agents: tools that you install, connect to your preferred models and transform into a kind of always-on operational assistant.

But they are not the same thing.

Nous Research’s Hermes Agent presents itself as “the agent that grows with you”. The central promise is learning: persistent memory, skills that emerge from experience, automations, subagents, sandboxing and an architecture closer to a technical laboratory, automation and research.

OpenClaw, created by Peter Steinberger and the community, bills itself as “AI that actually does things.” The central promise is presence: a local, multi-channel personal assistant, connected to WhatsApp, Telegram, Slack, Discord, voice, Canvas, companion apps and the user’s daily flow.

In simple terms: Hermes seems to bet on the agent who learns to work better. OpenClaw seems to be betting on the assistant that enters your digital life the fastest.

This text uses May 4, 2026 as the cutoff date. This matters because both projects are changing quickly. In a few days, stars, issues, releases and even public positioning can change. Open source agents in 2026 are less like stable off-the-shelf software and more like fast-growing organisms.

What this type of agent really is Link to heading

Before comparing Hermes and OpenClaw, it’s worth clearing the ground.

When we talk about an “agent”, we are not just talking about a language model. The model is the cognitive engine, but the real experience depends on the surrounding system: memory, tools, permissions, system prompt, session bank, channels, automations, browser, terminal, integrations, plugins, skills and security mechanisms.

An agent of this type typically has a few blocks:

persistent memory so you don’t start from scratch every time;
access to tools such as terminal, files, browser, calendar, email or APIs;
input and output channels, such as CLI, Telegram, Discord, Slack or WhatsApp;
scheduled automations, for recurring tasks;
some skill system, plugins or extensions;
approval rules and sandbox to limit damage;
logs and history to enable auditing.

This set is powerful. It’s also dangerous.

An assistant that only responds to text may hallucinate information. An agent with too many permissions could execute a bad command, leak context, mess with the wrong file, or respond to a malicious message as if it were a trusted instruction. Therefore, comparing Hermes and OpenClaw is not just about looking at the list of features. It’s asking what philosophy of autonomy each person encourages.

The philosophy of Hermes Agent Link to heading

The official Hermes Agent website describes the tool as an autonomous agent that lives on your server, remembers what it learns, and becomes more capable the longer it runs. In the repository README , Nous Research reinforces the idea of a self-improving agent: it creates skills from experience, improves these skills during use, searches previous conversations, and builds a progressive model of the user.

This is the soul of Hermes: not just an interface for calling models, but a work environment that accumulates procedures.

When it solves a difficult task, the idea is that it does not completely lose that path. The solution can become a skill. Memory can store preferences and context. Session search can retrieve old decisions. Subagents can divide work in parallel. Python scripts can call tools via RPC to reduce the number of steps that need to enter the model context.

This gives Hermes a strong technical personality. It chats via Telegram, Discord, Slack, WhatsApp, Signal, Email, and CLI, but the conceptual center does not seem to be “send a message from your phone and it organizes your life”. The core seems to be: “have a persistent, programmable agent, with procedural memory, automation, and the ability to delegate work.”

Hermes also explicitly positions itself as something that runs outside the laptop. The README talks about cheap server, GPU cluster, serverless infrastructure and backends like local, Docker, SSH, Daytona, Singularity and Modal. This reinforces an agent-as-operational-runtime philosophy.

In other words: Hermes wants to be a work base that learns.

The OpenClaw philosophy Link to heading

The official OpenClaw website opens with a much more direct promise: “AI that actually does things.” Clear your inbox, send emails, manage your calendar, check in for flights, all via WhatsApp, Telegram, or the chat app you already use.

README do OpenClaw defines the project as a personal assistant that runs on your own devices. It responds to the channels you already use, speak and listen to on macOS, iOS and Android, renders a controllable Canvas and treats the Gateway as the control plane. The most revealing phrase is this: the Gateway is just the control; the product is the assistant.

This explains a lot.

OpenClaw seems less interested in being a self-improvement laboratory and more interested in becoming an everyday presence. It lists support for WhatsApp, Telegram, Slack, Discord, Google Chat, Signal, iMessage, BlueBubbles, IRC, Microsoft Teams, Matrix, Feishu, LINE, Mattermost, Nextcloud Talk, Nostr, Synology Chat, Tlon, Twitch, Zalo, WeChat, QQ, and WebChat.

There is also voice, Canvas, companion apps and guided onboarding. The documentation insists a lot on setup, pairing, channels, DM security and local operation. The project wants the user to feel like they have an assistant always on, not just a tool for technical tasks.

OpenClaw’s vision document reinforces this direction: the stated goal is an easy-to-use personal assistant with broad platform coverage while respecting privacy and security. The current priority mentioned there is security, bug fixes, stability, setup reliability and first experience.

In other words: OpenClaw wants to be the local personal assistant that finally feels useful.

Quick comparison Link to heading

Question	Short answer
Greater public adoption?	OpenClaw
Better internal learning?	Hermes
Better presence on channels?	OpenClaw
Best for technical automation?	Hermes
Best for personal assistant?	OpenClaw
Best for subagents?	Hermes
Best for Voice and Canvas?	OpenClaw
Best for research and dev?	Hermes
Common risk for both?	Permissions
Actual status?	In evolution

In detail, Hermes is Python, installs via official script and relies on CLI/TUI, gateway, dashboard, skills, subagents, cron and backends such as Docker, SSH, Singularity and Modal. OpenClaw is TypeScript/Node, installs via npm/pnpm/bun, uses Gateway, chat apps, WebChat, voice, Canvas, companion apps, plugins and broader channel coverage.

This table should not be read as a fixed score. She is a photograph. In projects that release weekly releases, photography ages quickly.

What has changed in the latest versions Link to heading

On April 30, 2026, Hermes published the release v0.12.0 . The release note itself calls this version a “Curator release”. The most important point is the autonomous Curator: a background agent that evaluates, consolidates and prune the skills library in scheduled cycles.

This update speaks directly to Hermes’ philosophy. It’s not just “one more channel” or “one more screen”; it is an improvement in the self-improvement loop. The release also reinforces the background review fork, adds providers such as GMI Cloud, Azure AI Foundry, LM Studio, MiniMax OAuth and Tencent Tokenhub, expands messaging platforms with plugins for Teams and Yuanbao, adds Spotify and Google Meet, promotes ComfyUI and TouchDesigner-MCP to the standard set and announces a reduction of around 57% in TUI’s visible cold start.

The signal is clear: Hermes is investing on three fronts at the same time: internal learning, provider outreach and technical ergonomics.

On May 4, 2026, OpenClaw published release v2026.5.3 . The highlight is more operational: file transfer plugin, hardening of installation and plugin updates, performance improvements in the Gateway and Control UI, better recovery in channels, streaming/progress adjustments, corrections in Discord, WhatsApp, Teams, Slack, Matrix, Telegram and greater runtime reliability.

This also matches the OpenClaw philosophy. The project appears to be in the phase of making the assistant more reliable in the real world: channels, updates, plugins, transport, configuration, replies, messages and operational security.

If Hermes is refining the agent’s procedural brain, OpenClaw is beefing up the assistant’s nervous system.

What GitHub says, and what it doesn’t say Link to heading

At the time of the research, on May 4, 2026, the Hermes repository appeared with around 132 thousand stars, 20 thousand forks, 2.9 thousand issues and more than 5 thousand pull requests. The OpenClaw repository appeared with around 368 thousand stars, 75.8 thousand forks, 3.3 thousand issues and 3.4 thousand pull requests.

These numbers say something, but they don’t say everything.

They indicate attention. They indicate community. They indicate that a lot of people are looking, testing, opening an issue, suggesting changes and creating derivatives. At this point, OpenClaw is clearly ahead in raw viewability. The difference between stars and forks is too big to be treated as a detail.

But star is not synonymous with quality. Star can mean real usage, curiosity, hype, bookmark, cheering, FOMO or simply “I want to catch up on this later”. Fork can also indicate contribution, experiment, disposable clone or automation.

What matters for the post is the combined reading:

OpenClaw has greater public traction and appears more viral as a product;
Hermes has strong growth and an intense engineering cadence;
both have enough activity to be treated as living projects;
both have a high enough number of issues and PRs to suggest maturity in construction, not quiet stability.

This is an important distinction. A very active project can be excellent for those who want to be at the forefront. It can also be tiring for those who want predictability.

What users seem to value Link to heading

Here it is necessary to separate evidence from impression.

OpenClaw’s official sources include a public section of testimonials from X. The sample is naturally biased: a homepage tends to select praise, not criticism. Still, it helps to identify the type of enthusiasm that the project arouses.

The recurring pattern in the testimonials is the feeling of a real assistant: something you call via Telegram or Discord, which maintains context, which integrates communications, which automates tasks and which looks like “what Siri should have been”. The idea of fun, discovery and surprise also appears a lot. OpenClaw sells this sense of personal future well: the computer becomes more actionable through conversation.

At Hermes, official public perception is less centered on testimonials of everyday use and more on architectural capability. The README and homepage emphasize memory, auto-generated skills, subagents, cron, sandboxing, providers, search, and integration with technical flows. The type of user who tends to be interested in this is more operator than consumer: devs, researchers, people who want to automate technical work, create routines and transform experience into reusable procedures.

The likely reviews are also different.

In OpenClaw, the perceived risk tends to appear in setup, security, permissions and instability of a very fast project. An assistant with access to messages, files, browser and commands needs excellent defaults. The documentation itself insists on DMs as untrusted input, pairing and allowlists. This is a good sign, but it also shows the size of the scratch surface.

At Hermes, the risk tends to be complexity. The project is powerful, but the mental package is large: providers, backends, skills, memory, Curator, subagents, remote terminal, execution via RPC, dashboard, TUI, cron, plugins. For those who just want “an assistant on WhatsApp”, it might seem like too much of a tool.

Practical experience: broad product or focused agent? Link to heading

After testing both, my impression was less neutral than the table suggests: OpenClaw seemed more promising as a personal assistant idea, but also more uneven in execution. In real use, it can feel like a patchwork tool, with setup bugs, small runtime mismatches and less predictable behavior than the “wizard ready” narrative suggests.

This perception does not appear alone. OpenClaw public issues report regressions such as memory leaks in basic CLI commands, very slow or unresponsive Control UI after upgrade, silent failures in the update flow when there is a conflicting global installation, and agent crash with a difficult-to-diagnose WebSocket synchronization error. The latest release also dedicates a lot of space to hardening installation, plugins, updating, fallback, runtime discovery, Gateway and Control UI. This doesn’t prove that “OpenClaw is bad”; proves that the ambition to be a multi-channel local assistant exacts a high price on the surface of failure.

There is another point: OpenClaw’s own security documentation is frank in saying that the wizard can execute commands, read and write files, access the network and send messages, and that plugins run within the Gateway process as trusted code. Articles about ClawHub and gateway failures reinforce the same warning: when an agent becomes a popular product, the marketplace, plugins and channels become part of the experience, but they also become part of the risk.

At Hermes, my experience was different: more focused, more direct and more productive. The tool seems less concerned with being “the assistant for everything” and more concerned with being a technical agent that solves tasks, records learning and improves procedures. This matches the public direction of the project: Curator, skills, memory, subagents, automations, sandboxing and a security model that explains approvals, isolation per container, MCP credential filtering and delegation limits.

But I wouldn’t turn this into a total absolution of Hermes. The repository also has public bugs of crash after installation, gateway crashing in long sessions, tool loops, and streaming issues. The difference, for me, is one of fit and philosophy: Hermes’ problems seem more linked to a complex technical agent being expanded; OpenClaw’s problems seem more like an everyday product trying to cover too many channels, too many plugins, and too many situations at once.

So my reading went like this: If you want to experience the future of the on-premises personal assistant, OpenClaw is still the flashiest showcase. If you want to use an agent for real work, with less of an inflated demo feeling and more of an operational tool, Hermes seemed more convincing to me today.

Bugs, security and maintainer response Link to heading

Here the comparison needs to separate three things: product bugs, security bugs and user communication.

In product bugs, OpenClaw appears to be dealing with a larger scale of pain. There are recent issues about memory leaks that broke basic commands like gateway status and doctor, Control UI extremely slow or unresponsive after upgrade, and silently inconsistent upgrade when a system-wide installation shadowed the user installation. Using GitHub’s public API, these three examples were opened in March 2026 and closed between mid and late April, in an approximate window of 33 to 45 days. This suggests that the design corrects, but not always at the speed that an end user would expect from an “out of the box” personal assistant.

At the same time, OpenClaw seems more concerned with the perception of the average user. Release v2026.5.3 talks a lot about installation hardening, update, fallback, runtime discovery, Gateway, Control UI, channel status and doctor --fix. This is product language: reduce friction, make errors more diagnosable, and recover better when something breaks.

In security, OpenClaw has the most robust public trail. There are multiple GHSA advisories, corrected versions, and impact descriptions. Examples: critical path traversal when installing plugins fixed in 2026.2.1; arbitrary file reading via browser upload fixed in 2026.2.14; browser SSRF policy bypass fixed in 2026.4.8; old bearer token retention after SecretRef rotation fixed in 2026.4.15; and local media contention in WebChat also fixed in 2026.4.15. The ClawJacked case, reported by Oasis and echoed by TechRadar, would have been corrected in around 24 hours, with a recommendation to upgrade to 2026.2.25 or later.

This doesn’t make OpenClaw “safer” in an absolute sense. In fact, the number of advisories also shows a huge surface: local WebSocket, gateway, plugins, hooks, browser, WebChat, channels and marketplace. But it shows that the project appears to have a more visible public process for recognizing vulnerabilities, publishing advisories and pointing out fixed versions.

At Hermes, the reading is different. The security documentation is technically strong: it explains that the agent is single-tenant, that local execution is powerful by default, that dangerous commands are approved, that MCP receives a filtered environment, that code execution removes tokens from the environment, that subagents have a depth limit and that there is optional isolation by Docker, Modal and Daytona. In terms of risk architecture, Hermes seems to think more clearly about limits.

But the public response to recent vulnerabilities weighs against him. The NVD lists CVE-2026-7112 and CVE-2026-7113, both linked to Hermes Agent 0.8.0, involving improper authentication on the API server and missing authentication in webhook with _INSECURE_NO_AUTH. The logs cite issues and PRs on GitHub and indicate that the project would have been informed early via pull request with no reaction documented in the log. When consulting the GitHub public API on May 5, 2026, issues #6439 and #6440 still appeared open; PR #6477 was closed without merging; and PR #6445 still appeared open.

So my verdict here has changed a bit:

more perceived stability in technical use: Hermes;
more public and formal security response: OpenClaw;
more explicit concern with end user experience: OpenClaw;
more clarity on the execution model and technical limits: Hermes;
largest attack surface by product ambition: OpenClaw;
biggest point of attention in public response to recent CVEs: Hermes.

That’s a real tension. Hermes may seem better to work with, but it needs to be careful that its public response to security keeps up with the sophistication of the architecture. OpenClaw may seem more unstable in use, but it is showing a public correction, advisories and hardening muscle that weighs in its favor when it comes to trust.

The risks of having an agent like this Link to heading

The central risk is not the “wrong thinking” model. It’s the model of thinking wrong with too many tools.

A personal agent of this type can read files, execute commands, open a browser, respond to messages, access the calendar, install plugins, connect services and operate as if it were you. This changes the error category. A bad response in a chatbot turns into embarrassment. A bad action on an agent can result in file deletion, token leakage, inappropriate response to a client, installation of malicious code or exposure of an entire machine.

The main risks are:

prompt injection: someone sends a message, email, page or document that tries to manipulate the agent;
excessive permission: the agent receives too broad access to files, shell, network, messages and accounts;
malicious plugins and skills: extensions appear useful, but they execute code or instruct the agent to download malware;
exposed gateway: a local or remote interface is accessible outside the expected environment;
credentials in the wrong place: tokens and keys appear in logs, configs, prompts or history;
autonomous actions without confirmation: the agent sends, deletes, buys, moves or executes before asking for authorization;
trust by popularity: stars, downloads and testimonials replace real audit.

Therefore, the rule of thumb is simple: treat any local agent as a powerful user of your machine. Use allowlists, pairing, confirmations for destructive actions, sandboxing when possible, accounts with limited permissions, manually reviewed plugins and frequent updates. The future of personal agents is exciting, but it only becomes interesting if autonomy comes with restraint.

Where Hermes is better Link to heading

Hermes seems best when the goal is to build a technical agent that accumulates operational knowledge.

If you want the agent to learn patterns in your environment, generate skills after solving difficult tasks, recover past sessions, run server automations, delegate parallel work and use different sandboxes for execution, Hermes speaks directly to this case.

It also seems more interesting for those who think of agents as work infrastructure. The integration with batch trajectories, RL environments, Atropos, various providers and programmatic execution points to an audience that wants to experiment with agents, not just use them.

Hermes’ strong point is the idea of procedural memory. Not only remember that you like short answers, but learn “how to do” certain tasks.

This is very promising. It is also the part that needs to be observed most rigorously. Poorly controlled self-improvement can become an accumulation of bad rules. The v0.12.0 release seems aware of this by introducing Curator, rubrics, pruning and skill protection. Still, it’s an area where trust shouldn’t be given for free.

Where OpenClaw is better Link to heading

OpenClaw seems best when the goal is to have a personal assistant that is local, multi-channel and present in everyday life.

If you want to send a Telegram message, use WhatsApp, receive responses in different channels, speak to the voice assistant, use Canvas, connect mobile apps and take advantage of a huge community around skills and plugins, OpenClaw has a clear advantage.

It also appears stronger in product imagery. The proposal is easy to explain: it is an open source personal assistant that runs on your devices and does things for you. This clarity helps adoption.

The OpenClaw’s strong point is the contact surface. It goes where the user already is. This is very important, because assistants only become a habit when they appear in the natural flow of life. A brilliant agent stuck in the terminal can be great for devs; an agent that responds in the right chat, at the right time, becomes another category of tool.

The risk is that a large surface increases operational complexity. More channels mean more tokens, more permissions, more message formats, more edge cases, and more possibilities for malicious entry. Release v2026.5.3 shows a project working hard at this layer: plugins, updates, performance, streaming, channels, recovery and configuration security.

The winner at the moment Link to heading

If the question is “which project has the most growth and public presence right now?”, the winner is OpenClaw. GitHub’s numbers are higher, the community appeal is more visible and the proposal is easier to understand for those who want a personal assistant.

If the question is “which one looks more interesting as a technical agent that learns workflows and becomes automation infrastructure?”, Hermes is the most elegant candidate. The focus on Curator, skills, subagents, memory, programmatic execution, and backends gives him a deeper direction for technical work.

So the honest verdict is:

choose OpenClaw if you want a local, multi-channel personal assistant with strong community and product feel;
choose Hermes Agent if you want a persistent technical agent, with procedural learning, automations and better fit for development, research or operations workflows;
keep track of both if you’re trying to understand where self-hosted personal agents are going.

The possible long-term winner may not be “one against the other.” It could be a convergence: OpenClaw pulling the everyday experience closer to the user, Hermes pulling the agent closer to a system that learns and maintains itself.

In the short term, OpenClaw appears to win on noise and adoption. Hermes appears to win on the technical thesis and, in my testing, it also wins on operational focus.

And that’s an interesting division. Because the agent market hasn’t yet decided whether the future is a personal assistant you call on WhatsApp or a persistent infrastructure that turns repeated work into a reusable skill.

The good future will probably need both.

How I would use each one today Link to heading

I would test OpenClaw for:

centralize a personal assistant in message channels;
automate small daily routines;
try voice, Canvas and companion apps;
validate whether a local agent can become a real habit;
explore community skills and plugins.

I would test Hermes for:

create recurring technical automations;
operate tasks on a server or sandbox;
transform repeated procedures into skills;
investigate workflows with subagents;
use memory and history as part of development work.

In either case, I would start with limited permissions.

No giving broad access to the entire computer on the first day. No letting public DMs perform sensitive tasks. No connecting email, calendar, files and shell without understanding the security model. The charm of these agents is precisely “doing things”; the risk too.

What to watch out for in the coming months Link to heading

Some signs will say a lot about who matures better.

The first is security. Those who deal best with untrusted input, permissions, sandboxing, allowlists, logs and secure updating tend to survive the hype better.

The second is setup stability. Personal agents die when installing and maintaining becomes a second job.

The third is memory quality. Remembering too much, remembering wrong, or accumulating bad instructions can be just as problematic as forgetting it all.

The fourth is plugin and skills governance. An open ecosystem is a strength, but it is also a vector of risk.

The fifth is product clarity. OpenClaw has a strong narrative. Hermes has a strong technical thesis. Both need to continue reducing friction without hiding dangerous decisions from the user.

Conclusion: two agents, two bets Link to heading

Hermes Agent and OpenClaw are similar enough to be compared, but different enough that the comparison is actually useful.

Both point to a world in which AI stops being just a text box and becomes an operational layer: remembers, schedules, calls tools, chats through channels, performs tasks and learns part of its environment.

OpenClaw is trying to win by presence. It wants to be in the channels you already use and make the assistant feel alive, local, and actionable.

Hermes is trying to win through evolution. It wants the agent to learn, consolidate procedures, delegate work, operate in isolated environments, and become more capable over time.

Today, I would call OpenClaw the strongest option for anyone looking to try an open source personal assistant. And I would call Hermes the strongest option for anyone looking to study or operate a persistent technical agent.

For my daily life, the choice ends up becoming clearer: I opted for Hermes Agent. My main use is not to have a nice assistant spread across all channels, but to go back to development, execution of controlled tasks, technical automations and workflows where procedural learning matters. In this context, focus, predictability, memory, skills and the ability to transform repeated work into a reusable procedure weigh more than presence in many channels.

OpenClaw remains interesting as a vision for an on-premises personal assistant. But, for a more technical use, where I want to better control what the agent does, monitor how it learns and fit it into development routines, Hermes seems more aligned with what I really need now.

The most curious thing is that neither of them looks like a final product. They seem like different clues to the same question: how do you turn language models into reliable work in the real world?

This question is still open. But now it has repositories, releases, issues, plugins, real users and, most importantly, tools that do more than respond beautifully.

They do things.

And, as always happens when software starts doing things on our behalf, the question is no longer just “which is more powerful?”

The question becomes: which one would you trust to play in your environment?

Hermes Agent vs OpenClaw: which agent makes more sense now?