Why I’m spinning down OpenClaw

Brendan Tack · 7 min read

Hermes is eating OpenClaw’s lunch — and I’m here for it

A view from the homelab, where I’ve been running OpenClaw on a Proxmox LXC for months and watching the wheels come off in real time.


⚡ The state of the race (May 2026)

Three months ago this wasn’t a debate. OpenClaw was the open-source agent framework — 345K GitHub stars, 13,700+ skills, the lobster meme everywhere, a Reddit community north of a hundred thousand. If you self-hosted an agent in 2025, you self-hosted OpenClaw.

Then Nous Research dropped Hermes Agent on February 25, 2026. Ten weeks later, Hermes Agent hit 110k GitHub stars — the fastest-growing agent framework of 2026. And the kicker:

🔥 As of May 2026, it’s overtaken OpenClaw on OpenRouter’s global daily rankings, processing 224 billion tokens per day compared to OpenClaw’s 186 billion.

The underdog became the top dog in a calendar quarter. Let’s talk about why.


🧠 The architectural bet, in one line

You can compress the entire debate to a single contrast:

| Question the framework asks | Framework |
|---|---|
| “How many things can I connect to?” | 🦞 OpenClaw |
| “How much better can I get at your things?” | 🪽 Hermes |

OpenClaw thinks in terms of organizations of agents. Hermes thinks in terms of a single agent that improves over time.

That’s the whole post in fifteen words. Everything below is just receipts.


🟢 Why Hermes feels like a product

It actually learns

This is the headline feature and it’s not marketing. Hermes ships with a closed learning loop — after repeated use, it can detect patterns and develop skills from experience. OpenClaw could theoretically do this. Hermes does it out of the box.

Translation for the daily reports / content pipelines / monitoring loops crowd: the muscle memory builds itself.

It’s stable enough to leave running

I’ve had a Hermes node up for three weeks. Memory hasn’t leaked, the parent-subagent model hasn’t deadlocked, no 3am restarts. Compare that to the OpenClaw experience below.

The migration tool is a flex

In early April 2026, the project reached a major milestone with the release of its v0.8.0 update, which introduced a seamless migration tool for disgruntled OpenClaw users who are looking for a more secure and autonomous alternative.

Shipping a “come over from the competitor” tool is the energy of a product that knows it’s winning.

It recovers from its own mistakes

In a Long-Horizon Task test, Hermes’ learning loop allowed it to recover from errors 22% more effectively than OpenClaw. For anyone running unattended automations overnight, that number is the entire ballgame.


🔴 Why OpenClaw broke too often

I want to like OpenClaw. I run it. The ecosystem is genuinely huge. But the last four months have been brutal.

The CVEs kept coming

DepthFirst researcher Mav Levin discovered CVE-2026-25253, a one-click remote code execution vulnerability that could compromise any OpenClaw instance in milliseconds. Simply visiting a malicious webpage was enough to trigger the attack chain, which exploited missing WebSocket origin validation to steal authentication tokens, disable sandboxing via the API, and achieve full host compromise.

Then a few weeks later: CVE-2026-32922 (CVSS 9.9) exposed a privilege escalation flaw that allowed full system access through token scope misuse.

60+ CVEs and 60+ GHSAs disclosed to date. In five months.

The skills marketplace got owned

ClawHub — the thing that was supposed to be OpenClaw’s killer differentiator — became its biggest liability:

🟡 A security audit of 2,857 third-party extensions on ClawHub, the marketplace where OpenClaw users discover and install additional capabilities, identified 341 malicious “skills” tied to coordinated attack campaigns.

That’s roughly 12% of the registry. The ClawHavoc campaign primarily delivered Atomic macOS Stealer (AMOS). The marketplace I was trusting to “download a skill and keep moving” was actively shipping macOS info-stealers.

The defaults were genuinely indefensible

This is the part that broke me. Authentication is disabled out of the box, the server accepts WebSocket connections without verifying their origin, and there’s no rate limiting on login attempts. A user who installs OpenClaw and doesn’t go looking for hardening guides ends up with all of that by default.

Shodan scans conducted in February 2026 found 42,000+ OpenClaw instances exposed on the public internet. Of those: 63% were running with gateway authentication disabled.

That’s not a security incident. That’s a product decision.

Even the enterprises noticed

Meta reportedly restricted internal OpenClaw use after the February 2026 CVE disclosures. When Meta — Meta! — pulls a tool internally, the room has read the room.


🛠️ The “feels like a product” test, in code

Here’s the install/first-run experience. This is unscientific and absolutely the kind of thing that decides which framework eats the long tail.

OpenClaw → 11 steps before you can sleep

```bash
# 1. Pull the container
docker pull openclawai/openclaw:latest

# 2. Run it (with the default config you'll regret)
docker run -d -p 18789:18789 openclawai/openclaw

# 3. Realise auth is OFF by default. Stop. Re-read docs.
# 4. Set OPENCLAW_AUTH_REQUIRED=true
# 5. Set OPENCLAW_SANDBOX=true (also off by default)
# 6. Bind to 127.0.0.1, not 0.0.0.0 (also default 0.0.0.0)
# 7. Generate API token
# 8. Pin skill versions in soul.md (NEVER auto-update)
# 9. Run every skill's source through manual review
# 10. Add VirusTotal hash check to install pipeline
# 11. Set up Cloudflare Tunnel + Access policy in front

# Now you can sleep. Maybe.
```
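
Steps 8 and 10 come down to a fail-closed gate in front of the skill installer. The sketch below is an added example, not OpenClaw or ClawHub code: the `skills.lock` file, its `sha256sum`-style layout, the `.skill` file names and the `verify_skill` helper are all assumptions, and it checks a locally pinned SHA-256 instead of calling VirusTotal.

```bash
#!/usr/bin/env bash
# Added example: fail-closed hash pinning for downloaded skill files.
# Assumed lock-file format (same as `sha256sum` output): "<sha256>  <filename>"

# SHA-256 of a file, portable across Linux (sha256sum) and macOS (shasum).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# verify_skill <file> <lockfile>
# 0 = matches its pin, 1 = pinned but content differs, 2 = no usable pin.
verify_skill() {
  local file="$1" lock="$2" pinned
  [ -r "$file" ] && [ -r "$lock" ] || return 2
  # Exact filename match on field 2; zero or duplicate pins are refused.
  pinned=$(awk -v n="$(basename "$file")" '$2 == n {print $1}' "$lock")
  [ "$(printf '%s' "$pinned" | grep -c .)" -eq 1 ] || return 2
  [ "$(sha256_of "$file")" = "$pinned" ] || return 1
}

# Constructed demo: a pinned skill, the same file after tampering, and a
# skill that was never pinned. Prints the three return codes.
demo() {
  local dir ok=0 tampered=0 unpinned=0
  dir=$(mktemp -d)
  printf 'name: weather\nversion: 1.2.0\n' > "$dir/weather.skill"
  printf 'name: notes\nversion: 0.1.0\n'   > "$dir/notes.skill"
  printf '%s  %s\n' "$(sha256_of "$dir/weather.skill")" weather.skill > "$dir/skills.lock"

  verify_skill "$dir/weather.skill" "$dir/skills.lock" || ok=$?
  printf 'extra: injected-line\n' >> "$dir/weather.skill"   # simulated tampering
  verify_skill "$dir/weather.skill" "$dir/skills.lock" || tampered=$?
  verify_skill "$dir/notes.skill"   "$dir/skills.lock" || unpinned=$?

  rm -rf "$dir"
  echo "$ok $tampered $unpinned"
}

demo   # prints: 0 1 2
```

Generate each pin once from a copy you have reviewed, and have the install step refuse anything that returns non-zero.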

Hermes → 2 steps and you’re working

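```bash
# 1. Pull
docker pull nousresearch/hermes-agent:latest

# 2. Run (sane defaults: auth on, bound to loopback, sandboxed skills)
#    Publish on host loopback as well: a bare "-p 7860:7860" listens on every host interface.
#    The data directory is given as an absolute path so older Docker CLIs accept the bind mount.
docker run -d -p 127.0.0.1:7860:7860 \
  -v "$(pwd)/hermes-data:/data" \
  nousresearch/hermes-agent

# Done. Learning loop starts on first interaction.
```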

Both can be hardened. Only one ships hardened. That’s the entire product difference in 14 lines of bash.
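
Whatever an image's own defaults, `docker run -p PORT:PORT` publishes that port on every host interface, so it is worth checking what the host actually exposes. The function below is an added example, not part of either project: it reads `docker ps --format '{{.Names}}\t{{.Ports}}'` output and lists every publish that is not bound to loopback. The container names and sample lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: list published container ports that listen beyond loopback.
# Input (stdin): output of  docker ps --format '{{.Names}}\t{{.Ports}}'

exposed_publishes() {
  awk -F'\t' '{
    n = split($2, maps, ", ")
    for (i = 1; i <= n; i++) {
      if (maps[i] !~ /->/) continue              # exposed in image, not published
      host = maps[i]; sub(/->.*/, "", host)      # e.g. "0.0.0.0:18789"
      addr = host;    sub(/:[0-9-]+$/, "", addr) # drop host port or port range
      if (addr ~ /^127\./ || addr == "::1" || addr == "[::1]") continue
      print $1 "\t" host
    }
  }'
}

# Constructed sample: the two ports used on this page plus edge cases
# (IPv6 wildcard in both notations, loopback publish, unpublished port).
sample_ps() {
  printf 'openclaw\t0.0.0.0:18789->18789/tcp, :::18789->18789/tcp\n'
  printf 'hermes-local\t127.0.0.1:7860->7860/tcp\n'
  printf 'hermes-bare\t0.0.0.0:7860->7860/tcp, [::]:7860->7860/tcp\n'
  printf 'db\t5432/tcp\n'
}

sample_ps | exposed_publishes
# On a real host: docker ps --format '{{.Names}}\t{{.Ports}}' | exposed_publishes
```

Any line it prints is a port reachable from outside the host unless a firewall or tunnel in front says otherwise.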


🦞 vs 🪽 — the head-to-head

| Dimension | OpenClaw | Hermes Agent |
|---|---|---|
| GitHub stars (May ’26) | ~345K | ~110K |
| Daily tokens via OpenRouter | 186B | 224B 🟢 |
| Self-learning out of box | | |
| Multi-agent orchestration | ✅ stronger | ⚠️ parent/subagent only |
| Skill ecosystem | Huge but poisoned | Smaller, curated |
| Default-safe install | | |
| CVE count (5 months) | 60+ | Negligible |
| Stewardship | Independent foundation; creator now at OpenAI | Nous Research |
| Migration tool to/from rival | | ✅ v0.8.0 ships one |

💎 My take

OpenClaw won the awareness war. Hermes is winning the trust war. In open-source infrastructure, trust eats awareness for breakfast.

The community is split — experienced users run OpenClaw as the orchestrator (planning, decomposition, multi-step coordination) and Hermes as an execution specialist (fast, repeatable task loops) — and that’s a perfectly reasonable architecture. But I’d argue it’s a transitional one. Hermes is closing the multi-agent gap faster than OpenClaw is closing the trust gap.

The OpenClaw codebase isn’t bad. The defaults are bad. The marketplace governance is bad. The lobster meme can’t paper over a 9.9-CVSS privilege escalation forever.

So what am I actually going to do?

I’ve been using OpenClaw for months. The honest truth? I’ve spent more time tweaking the model than getting actual work out of it. Every week is another patch, another skill to audit, another config to harden. It’s a hobby disguised as a tool.

Hermes feels way more plug and play. Yes, there’s still a learning curve — every agent framework has one — but it’s a fraction of what OpenClaw demands. You can sit down, give it a job, and it gets on with the job.

So I’m spinning OpenClaw down. At this point it’s basically a glorified news messenger for me — and honestly, I might just leave it doing exactly that 🤣.

Hermes gets the keys from here. I want to see how much more powerful it actually is when you let it run.

What I’m trying next 🧪

The experiment I’m genuinely excited about: getting Hermes to play nicely with other agentic tools — Claude Code in particular — and having Hermes sit at the top as the CEO, running the rest of my agents for me. One brain to delegate to all the specialists.

If that sounds like your kind of rabbit hole, sign up to my newsletter — that’s where I’ll be writing up what works, what breaks, and what I learn along the way.
