Skill Marketplace — Install Skills in Seconds
Key Points
- ✓Browse community-built skills
- ✓One-command install
- ✓Publish your own skills
- ✓Version-controlled updates
- ✓Skill ratings and reviews
- ✓Free and paid skills
How It Works
- 1Browse skills at the marketplace
- 2Install with a single command
- 3Skill auto-configures in ~/.hermes/skills/
- 4Publish your own skills to share or sell
Real-World Use Cases
MLOps Workflow Skills
Install the axolotl skill for fine-tuning Llama models, the eval-suite skill for benchmark runs, or the model-registry skill for version tracking. Complex ML workflows become single slash commands without reinventing the playbook each time.
Team Knowledge Bases as Skills
Package your team's deployment runbook, incident response procedure, or onboarding checklist as a skill. Publish to a private GitHub repo or team ClawHub organization. Every team member's Hermes gets the same playbook with one install command.
API Integration Skills
Community skills cover popular APIs — Stripe, Notion, Linear, GitHub, Jira. Install a pre-built integration skill and Hermes knows how to authenticate, call the right endpoints, and handle errors — without you writing a single line of tool definition YAML.
Domain Expert Skills
Install skills from domain experts: a security researcher's pentest methodology, a data scientist's EDA workflow, a DevOps engineer's Kubernetes debugging playbook. Expertise encoded and transferable in a single file.
Under the Hood
The Skills Hub supports five source types: Official (optional bundled skills from the Hermes repo, full trust), skills.sh (Vercel's public directory), Well-known (URL-based discovery via /.well-known/skills/index.json), GitHub (direct repo/path installs with format org/repo/path), and ClawHub (the dedicated Hermes marketplace at clawhub.ai). Each source has a trust level that determines whether skills are auto-installed or require security scan confirmation.
Security is built into the install flow. Every skill from external sources is scanned for malicious patterns before installation: command injection in SKILL.md procedures, exfiltration attempts in tool definitions, credential harvesting in environment variable prompts. Suspicious skills land in ~/.hermes/skills/.hub/quarantine/ with an explanation. The audit log tracks install/uninstall history so you can trace when a skill was added and by what command.
Skills are versioned, and hermes skills check compares installed versions against the source for updates. The format is the agentskills.io open standard — a SKILL.md with YAML frontmatter for metadata plus Markdown body for the procedure. This means skills created for Hermes work in any agentskills-compatible agent, and skills built for other compatible agents install in Hermes. The ecosystem is not Hermes-proprietary; your skill investment is portable.