
Secure your Hermes agent before it ships.

Hermes agents are powerful — and exposed to three attack classes your code won't catch on its own. Answer 4 questions and get a hardened config bundle dropped straight into your project.

npx ship-safe init --hermes --from shipsafecli.com/s/<token>

New to Hermes?

Hermes is an open-source agent framework by Nous Research with 30+ toolsets (web_search, terminal, browser_navigate, delegate_task, and more), pluggable memory providers (built-in MEMORY.md/USER.md, Honcho, Mem0), and subagent delegation via delegate_task.

Every tool dispatch through registry.dispatch(), every memory write to MEMORY.md, and every subagent spawn is an attack surface. Ship Safe audits all three — automatically, on every PR.

agent-manifest.json (Ship Safe security manifest)
{
  "tools": [
    { "name": "web_search",
      "integrity": "sha256-abc..." },
    { "name": "terminal",
      "integrity": "sha256-xyz..." }
  ],
  "security": {
    "allowlist": ["web_search", "terminal"],
    "requireIntegrity": true,
    "maxRecursionDepth": 2
  }
}

Three attacks your agent is exposed to right now

These don't require a breach. They exploit the trust your agent places in its own tools, inputs, and memory.

Tool registry poisoning

Hermes loads tools via registry.register() at import time. A compromised dependency or malicious MCP tool can register under a trusted name. Without integrity checks, your agent calls it without question.

HERMES_TOOL_NO_INTEGRITY (detected by Ship Safe)

Function-call injection

A prompt injection tricks your agent into calling registry.dispatch() with an attacker-chosen tool name. Hermes has 30+ registered tools — without an allowlist check, any of them can be invoked.

HERMES_FUNCTION_CALL_NO_ALLOWLIST (detected by Ship Safe)

Memory poisoning

Hermes injects MEMORY.md and USER.md into the system prompt at session start. Poisoned entries — via prompt injection patterns or invisible unicode — can hijack the agent's behavior across all future sessions.

HERMES_MEMORY_INJECTION (detected by Ship Safe)
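As an added illustration of the checks the manifest above is meant to drive (allowlist, integrity, recursion depth) and of the memory scan described under the three attacks, the following is example code written for this page, not Ship Safe's or Hermes's own implementation. It assumes the manifest shape shown above, treats the "integrity" value as a hex SHA-256 of the tool's source text (the page only shows placeholders), and uses constructed tool sources and memory lines.

```python
import hashlib
import unicodedata

# Constructed tool sources; the manifest hashes below are derived from them.
TOOL_SOURCES = {
    "web_search": "def web_search(q): return search(q)",
    "terminal": "def terminal(cmd): return run(cmd)",
}

def integrity(source: str) -> str:
    """'sha256-<hex>' digest of a tool's source text (assumed encoding)."""
    return "sha256-" + hashlib.sha256(source.encode()).hexdigest()

# Constructed manifest in the agent-manifest.json shape shown on the page.
MANIFEST = {
    "tools": [{"name": n, "integrity": integrity(s)} for n, s in TOOL_SOURCES.items()],
    "security": {"allowlist": ["web_search", "terminal"],
                 "requireIntegrity": True, "maxRecursionDepth": 2},
}

def dispatch_allowed(manifest, name, source, depth):
    """Gate a tool dispatch against the manifest. Returns (ok, reason)."""
    sec = manifest["security"]
    if name not in sec["allowlist"]:
        return False, f"{name}: not in allowlist"          # function-call injection
    expected = {t["name"]: t["integrity"] for t in manifest["tools"]}
    if sec["requireIntegrity"] and expected.get(name) != integrity(source):
        return False, f"{name}: integrity mismatch"        # registry poisoning
    if depth > sec["maxRecursionDepth"]:
        return False, f"{name}: depth {depth} exceeds limit"  # runaway delegation
    return True, "ok"

# Unicode categories for format, control and private-use code points
# (zero-width characters, bidi overrides, etc.); tab is tolerated.
INVISIBLE = {"Cf", "Cc", "Co"}
INJECTION_MARKERS = ("ignore previous instructions", "system:")

def suspicious_memory_lines(text):
    """Scan MEMORY.md/USER.md text; returns [(line_no, reason)] for flagged lines."""
    findings = []
    for i, line in enumerate(text.splitlines(), 1):
        if any(unicodedata.category(c) in INVISIBLE for c in line if c != "\t"):
            findings.append((i, "invisible_unicode"))
        elif any(m in line.lower() for m in INJECTION_MARKERS):
            findings.append((i, "injection_pattern"))
    return findings
```

Run the scan before the memory files are injected into the system prompt, and the dispatch gate inside whatever wraps registry.dispatch() so a flagged call never reaches the tool.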

From zero to hardened in one command

No code uploaded. No config files to learn. Just answers to 4 questions.

1. Answer 4 questions

Project name, your registered tools (from tools/registry.py), which memory provider you use, and whether you use delegate_task. Takes under a minute.

2. Get your setup command

Ship Safe generates a one-time command. Nothing is uploaded — the config is encoded in the URL itself.

3. Run one command

npx ship-safe init --hermes --from <url> writes all files, generates integrity hashes, and runs your first audit.

4. CI guards every PR

The generated workflow posts a security score on every pull request and fails if your score drops below baseline.

What gets generated

Everything drops into your project at the correct paths. No manual placement.

agent-manifest.json

Ship Safe security manifest — tool allowlist, integrity hashes, MAX_DEPTH enforcement. Complements your ~/.hermes/config.yaml.

.ship-safe/agents/hermes-policy.js

Custom security agent — enforces your allowlist and runs on every ship-safe audit automatically.

.ship-safe/hermes-baseline.json

Baseline score. CI fails any PR that drops below it.

.github/workflows/ship-safe-hermes.yml

GitHub Actions workflow — audits on every PR and posts a score comment.

Ready to harden your agent?

Free for the first scan. No credit card required.
