Hermes: Layered Persistent Memory
Self-evolving skills. The depth play. The memory reference. 33,000+ stars. Overtook OpenClaw on OpenRouter May 10, 2026 (224B tokens/day). On the breadth-vs-depth split, unambiguously the depth competitor.
Hermes is the Module 4 (Memory) reference at 5/5 — the only harness in the roster operating at tier 4 with write-back: the episodic record is not just logged (read-only) but curated into skills and re-injected. The store grows monotonically richer with use. This is the deepest memory implementation in the roster and the load-bearing reason for reference status.
The self-evolving skill store is the feature AND the vulnerability via the same mechanism (model-initiated writes, no gate). As a feature: the agent learns from every session without throttle, skills compound, switching cost accrues. As a vulnerability: a prompt-injected model persists a poisoned skill that compounds across all future sessions. The 5/5 on Module 4 and the 2/5 on Module 6 are the same design decision read from two sides.
The compounding that makes skills valuable is the same compounding that makes poisoning dangerous. A poisoned working file is read once; a poisoned skill activates on every similar future task with no natural decay. The memory-poisoning risk scales with memory depth, and Hermes — the deepest memory — carries the largest poisoning surface in the roster.
The NemoClaw-style harness-managed write gate (model proposes, harness validates) is the single highest-value fix. It converts the compounding-poisoning surface into a compounding-capability surface with the risk closed. The depth-versus-governance contrast between Hermes (DD-08, the depth reference) and NemoClaw (DD-09, the governance reference) is load-bearing for the roster — the two define the depth-vs-governance axis every other harness sits between.