I advise against using Hermes Agent

piotrbednarsalt2 pts1 comments

Why I advise against using Hermes Agent - bednars.me

On the Ollama website, I saw that I could integrate any model they provide with the Hermes agent, but also with OpenClaw and other tools like Claude Code or Codex. I had heard about Hermes Agent before, mostly because they have a significant share of token consumption in OpenRouter’s statistics. I decided to try this solution out of curiosity, because I must admit the desire to have an autonomous agent is tempting.<br>I bought a subscription to Nous Portal, which costs $20 per month. I decided to use their cloud because I saw no point in dealing with various API keys, configurations, etc. locally. What already caught my attention at the beginning was a terribly unresponsive interface that has many problems with state management. I logged into the dashboard of my Hermes agent environment, but there were far more problems with state management in the components — I changed the default LLM model to another one, and in some UI elements I could still see the old LLM model. There were many more bugs like this, especially when configuring Telegram for communication.<br>Speaking of the default LLM model — Hermes chose Claude Opus 4.8 by default for me — I don’t know for what reason, but maybe just to make me run out of tokens quickly? Meanwhile, I saw benchmarks where Gemini 3.1 Flash Lite wins in all agentic tasks in Hermes. So why do they set Opus 4.8?<br>Later, I decided to test if Hermes would send me a voice message on Telegram, but for a while, it only returned the path to the OGG file on the server instead of sending the file as an audio message. After a few tries, it finally succeeded. Then I added some context about myself, but I asked clearly “If I add you to another Telegram group, will you reveal any information from this context?”, Hermes answered clearly “I will not reveal it” — I added it to a test Telegram group and when asking it about anything, it returned confidential information from the context. I know that you don’t trust LLMs, but since this is supposed to be an agentic tool for the average user, I thought Hermes had verified its configuration, etc., and based on that, determined that it would work in an isolated profile on other groups.<br>It is also interesting that the configuration variable “GATEWAY_ALLOW_ALL_USERS” has a comment stating it should only be used in development environments. In dev or debug mode, there should simply be a single global flag that allows access for everyone, instead of splitting it into weird, individual variables. To make matters worse, this variable has no default value assigned. I wasn’t even sure if I had to explicitly set it to FALSE just to stay secure, which is exactly what I ended up doing.<br>The Hermes installer itself is another failure and a prime example of vibe-coded elements. It is packed with sketchy, rushed fallbacks. An example? Using npm.cmd just to bypass the Execution Policy Error in PowerShell. Seriously? Couldn’t they just look up the NPM location in the PATH variable and call it directly without spawning a shell? Or at least use CMD as the shell if the user’s context indicates they are running PowerShell?<br>The number of issues in the hermes-agent repository on GitHub is almost 9 thousand. The entire Hermes Agent project is unresponsive, unintuitive, unsafe, vibe-coded — do not entrust it with any confidential information, I advise against buying a subscription or hosting it locally. It is a really poor project.

hermes agent model default telegram context

Related Articles