Hermes Agent wins for anyone starting fresh in May 2026. The security gap is the deciding factor — 170+ CVEs in six months for OpenClaw against zero published CVEs for Hermes — but it’s not the only one. Hermes was built after watching OpenClaw burn, and the design shows it: secure-by-default sandboxing, an agent-curated learning loop, and an actively-maintained backer in Nous Research.
Stay on OpenClaw only if (a) you’re already invested, (b) you can lock down your install yourself, and (c) you need one of the niche messaging bridges Hermes hasn’t cloned yet (WeCom, DingTalk, Yuanbao, polished BlueBubbles). Everyone else: install Hermes, run hermes claw migrate if you’re switching, and don’t look back.
One line per dimension. Pills tell you who I think wins it.
| Dimension | OpenClaw v2026.5.5 | Hermes Agent v0.14.0 |
|---|---|---|
| Release / maturity | Jan 2026, v2026.5.5 (rolling) | Feb 2026, v0.14.0 (May 16, 2026) close |
| Stewardship | Independent foundation; creator at OpenAI since Feb 14, silent since | Nous Research (active lab) Hermes |
| Stars | ~340K | ~162K OpenClaw |
| Primary runtime | Node.js gateway, long-lived process | Python 3.11+, uv-managed preference |
| Default model | Provider-agnostic; no in-house | Provider-agnostic; defaults to Hermes 4 (Nous) preference |
| Memory model | SOUL.md + MEMORY.md (flat files) | SQLite FTS5 episodic archive + agent-curated nudges Hermes |
| Learning | You write skills; agent doesn’t | Agent auto-generates skills from solved tasks; ~40% speedup on repeat work Hermes |
| Sandboxing | DIY (Docker hardening guide); not on by default | 5 backends out of the box (local/Docker/SSH/Singularity/Modal); on by default Hermes |
| Security record | 170+ CVEs in 6 months; ClawHavoc skill-poisoning; 135K exposed instances; Meta corp ban | 0 published CVEs; signed-skill scanner from launch Hermes |
| Messaging bridges | ~15 platforms incl. WeCom, DingTalk, Yuanbao, polished BlueBubbles iMessage | ~9 platforms (Telegram/Discord/Slack/WhatsApp/Signal/SMS/Email/Matrix/Mattermost) OpenClaw |
| Built-in skills | ClawHub: thousands (incl. malicious); discovery is the problem | 70+ first-party; scanner-gated community submissions Hermes (quality) |
| Life-service connectors | 50+ | 40+ and growing OpenClaw (breadth) |
| Install footprint | Laptop-centric; macOS-first | $5 VPS or laptop or serverless; Linux/macOS/WSL2 first Hermes |
| Voice / smart home | Mature (Home Assistant + voice) | Home Assistant supported; voice still nascent OpenClaw |
| Licensing | MIT | MIT tie |
| Software cost | Free (you pay model) | Free (you pay model) tie |
Tally: Hermes wins 7, OpenClaw wins 4, three ties. The scoreline is the right summary, but it understates the gap because the security row alone is doing more work than any other.
Peter Steinberger, January 2026. Originally Clawdbot, briefly Moltbot, finally OpenClaw. Hit 340K stars in 60 days — the fastest-growing OSS project in history. Steinberger joined OpenAI on Feb 14 and transferred governance to an independent foundation. He hasn’t posted a public OpenClaw update since.
Nous Research, February 2026. The same lab behind the open-weight Hermes LLM family (used for years as the de-facto agentic fine-tune of Llama and Mistral). 110K+ stars in 10 weeks, 162K by mid-May. Backed by an active, well-funded research org with a track record of shipping — not an orphan project.
The origin stories matter because they predict the next twelve months. OpenClaw was a solo-built viral hit that the creator handed off and stepped away from; Hermes is a deliberate, lab-built product from a team that lives and breathes agentic LLMs. Read the next sections with that asymmetry in mind.
At the center sits the Gateway — a single long-running Node.js process that holds the messaging connections open, orchestrates LLM calls, and hands work off to skills. Skills are folders with a SKILL.md manifest and a script. Discovery is via the ClawHub marketplace. The whole thing is optimized for one mental model: “text my agent from anywhere, it does the thing.”
That focus is also its limit. There’s no real concept of the agent learning — it loads skills you (or strangers on ClawHub) wrote, and it forgets the shape of what worked the moment the conversation ends, unless you manually edit MEMORY.md. It’s breadth-first thinking from 2025 dressed up for 2026.
Hermes treats the agent as a learning system, not a script runner. The tagline — “the agent that grows with you” — is a literal architectural claim:
It’s also not a desktop-first product. Hermes assumes it’ll run as a daemon — on a VPS, in Modal, on a home server — and that messaging is one of several front-ends. OpenClaw, by contrast, was born on a Mac laptop and it shows.
| OpenClaw | Hermes Agent | |
|---|---|---|
| Long-term store | Flat SOUL.md + MEMORY.md files | SQLite with FTS5 full-text search |
| What writes to it | You (or the agent, on prompt) | Agent on a periodic nudge, plus explicit user pins |
| Search | Whole-file load into context | Indexed cold-recall; no need to inline everything |
| Skills from experience | None — humans author skills | Auto-distilled from solved tasks |
| User model | Whatever you wrote in SOUL.md | Honcho dialectic, structured, queryable |
| Memory-poisoning surface | High (it’s a text file the agent reads as instructions) | Lower (DB rows, scoped by role, structured) |
The OpenClaw memory model is honestly stuck in the original Claude-Code idiom: dump everything into Markdown, hope the model behaves. It also is the most common attack vector — time-shifted memory poisoning is the second item on the project’s own attack-vectors list. Hermes treats memory as data with provenance, which is how a 2026 product should look.
This is the section that decides the whole comparison. The numbers are not close.
170+ CVEs in six months; 13 new in April 2026 alone. ClawHavoc seeded 1,467 malicious skills on ClawHub (one with 340K+ installs) before publisher verification was added. April scan: 135,000+ exposed instances across 82 countries, 63% running with no authentication at all. Meta banned OpenClaw from corporate devices. Palo Alto called it “the potential biggest insider threat of 2026.”
Zero published CVEs as of May 22, 2026. Sandboxing is on by default with five isolation backends. The platform gateway can’t reach the agent runtime directly. Every community-submitted skill is scanned for exfiltration, prompt injection, destructive commands, and supply-chain risk before it lands on the index.
Two honest caveats:
The one category where OpenClaw still genuinely leads.
If your daily messaging is WeChat, DingTalk, or Yuanbao — or if you need iMessage and aren’t willing to run a Mac mini for relay duty in Hermes — OpenClaw is the answer today. Hermes will close most of these in the next two releases, but “today” is what matters when you’re choosing.
OpenClaw’s 50+ vs Hermes’s 40-ish is a slimmer lead than the skills count suggests, because OpenClaw’s long tail is mostly thin wrappers contributed by hobbyists. Hermes’s connectors are fewer but more consistently tested.
ClawHub (OpenClaw) is bigger but has the ClawHavoc legacy — even after publisher verification, you can’t fully trust the long tail. The Hermes skill index is smaller but every entry has cleared a security scan before being listed. For a personal-agent use case, smaller-and-trusted beats bigger-and-suspect.
Both are model-agnostic. Both work with OpenAI, Anthropic, Google, OpenRouter, Hugging Face, Ollama, and anything that speaks the OpenAI Chat Completions wire format. There’s no real differentiator here — with one nuance.
Practical recommendation either way: run Qwen 3.6 27B locally for personal-data tasks, fall back to Claude Opus 4.7 or GPT-5.4 for hard reasoning. Both frameworks let you do that. Call it a tie.
| OpenClaw | Hermes Agent | |
|---|---|---|
| Install | Mac installer; one-liner curl for Linux; Windows via WSL2 | One-liner for Linux/macOS/WSL2/Termux/PowerShell; uv handles Python deps |
| Where it runs | Laptop or home server primarily; cloud is awkward | $5 VPS, GPU box, serverless (Modal/Daytona), or laptop — first-class everywhere |
| Always-on story | Run on a Mac mini or NUC; not designed for cloud-native | Designed for cloud-native daemon use from day one |
| Updates | Manual; foundation publishes patches but adoption lags | Single command; semver discipline so far |
| Windows-native | WSL2 only | PowerShell installer exists but “early beta”; WSL2 recommended |
| Docker hardening | You build it yourself from the security guide | Sandboxing on by default; one of five backends |
If you want an always-on agent that lives in the cloud and you text from your phone, Hermes is the natural fit. If you want a thing that lives on your Mac and runs while you’re using the machine, OpenClaw still has the smoother UX. Realistically, most people want the first thing and don’t know it yet.
This is the second-most-important section after security, and it’s the one most reviews underweight.
Pick the project whose maintainer will still be answering your bug report a year from now. In May 2026 that’s clearly Hermes.
Both are MIT-licensed, free to install. Your real bill is models and infrastructure, which is identical between the two if you pick the same model. If you run Qwen 3.6 locally, both cost $0 in inference. If you call Opus 4.7 from a phone-tethered agent, both will charge the same.
Hermes is marginally cheaper to host — it runs happily on a $5 VPS, where OpenClaw really wants a laptop or NUC. Over a year that’s ~$60 saved or a Mac mini avoided. Not nothing.
SOUL.md and your skill set works.That’s the honest split. Five out of six new users in 2026 should be on Hermes.
Hermes Agent is the better product to bet your daily workflow on in May 2026. The reasoning, ranked:
hermes claw migrate as a first-class subcommand. When the competitor builds an importer for your config, the wind direction is no longer in doubt.OpenClaw isn’t bad. It’s a triumphant, viral product whose creator delivered breadth nobody else could match, whose foundation may yet stabilise, and whose ecosystem — ClawHub aside — is real. If you’re already happy on it, you don’t have to leave. But if you’re asking which one should I start with today, the answer is Hermes, and it isn’t especially close.
hermes claw migrateIf you decide to switch, Hermes ships a first-class import path.
# 1. Install Hermes alongside OpenClaw (they don’t conflict)
curl -fsSL https://hermes-agent.nousresearch.com/install.sh | sh
# 2. Run the migrator pointed at your OpenClaw config directory
hermes claw migrate --from ~/.openclaw --keep-source
# 3. Inspect what came across
hermes skills list
hermes memory show
hermes messaging status
# 4. Switch one bridge at a time. Telegram first, then Signal, then iMessage.
hermes messaging enable telegram
# (disable the same one in OpenClaw)
# 5. When you’re confident, stop OpenClaw’s gateway. Keep the data
# directory around for a week in case you need to roll back.The migrator brings over: API keys, model routing rules, SOUL.md / MEMORY.md converted into Hermes’s episodic store, your installed (and scanner-approved) skills, and messaging credentials. It does not bring over: hand-rolled cron jobs (Hermes’s natural-language scheduler is different), any custom Node.js skill that calls Gateway-internal APIs, and ClawHub skills that fail the scanner.
Plan an afternoon, keep the old install for a week as a fallback, and don’t cut over high-risk skills (finance, smart-home actuators) until you’ve run them on Hermes for a few days.
All judgements and rankings on this page are mine, not the sources’. The sources are linked so you can disagree informedly.