The Hermes Skills Hub makes installing extensions easy—and that ease can make choice overload worse. A better approach is to browse with a checklist: confirm the bundled baseline first, search by real tasks, run candidates through inspect, then install. This guide uses that Hub workflow to deliver the same 2026 must-have skill set.
In the Hub you may see browser, YouTube, Obsidian, SEO, Composio, Playwright, MCP, design, and security skills side by side—names and popularity are not the same as real need. Do not pick by title alone: use built-in capabilities as your baseline, search externally by task, and inspect first—verify source and permissions before you install.
1 Before you browse: you are not here to install everything
Skills are on-demand workflow docs, not trophies. Each install adds instructions, scripts, and attack surface. The most complete lists online exist to help you filter—not to install in bulk. Aim for: this week’s tasks covered, token cost under control, and traceable sources.
Recommended flow: define task → check bundled → search candidates → inspect → risk tier → install → check. CLI entry points: hermes skills browse, hermes skills search <query>, hermes skills inspect <ID>, hermes skills install <ID> (includes a security scan). Installs land in ~/.hermes/skills/; maintain with hermes skills list, hermes skills check, and hermes skills audit.
2 Check local and bundled skills first
Hermes ships with bundled skills (updated with the app, no Hub pull needed). Official optional skills are heavier or niche and off by default—enable with hermes skills install official/.... The Hub is layer three: official registry, skills-sh, well-known endpoints, and direct URLs.
Before searching externally, run hermes skills list or /skills in chat to avoid duplicates. Most baseline capabilities below are already bundled or official—use them before Hub hunting:
| Capability | Typical bundled / official | When to search the Hub |
|---|---|---|
| Planning | plan | Industry-specific templates |
| Git / PR | github-pr-workflow | GitLab, Gitea, or other hosts |
| Academic search | arxiv (official) | Custom database APIs |
| Diagrams | excalidraw, ascii-art | Brand templates or design systems |
| Skill management | /skills, skill_view | — |
3 Search external skills by task keywords
Name 1–3 real tasks for this week, then search—far more effective than browsing categories at random:
| Search terms | Skill type | Best for | Review focus |
|---|---|---|---|
browser, playwright | Browser automation | E2E, scraping, forms | Headless browser use, outbound network scope |
youtube | Media / summarization | Video research, script extraction | API keys, copyright and ToS |
obsidian, notion | Knowledge base | Notes sync, second brain | Local path access, vault boundaries |
defuddle, readability | Article extraction | Research, clipping | External requests, private data |
seo, content | Content / publishing | Blogs, landing pages | Third-party SEO API dependencies |
composio, mcp | Orchestration / MCP | Multi-SaaS workflows | OAuth scope, MCP server trust |
1password, security | Credentials / security | Secret injection, audits | Storage model, plaintext on disk |
Filter by source: hermes skills browse --source official, hermes skills search react --source skills-sh. Always hermes skills inspect <ID> to read SKILL.md and the scripts/ folder before installing.
4 Seven criteria to filter candidates
- Source — Prefer official; for skills-sh / GitHub verify org identity and recent activity, not just the README.
- Maintenance — Commits in the last ~90 days; still compatible after Hermes / Agent Skills spec changes.
- Documentation — SKILL.md should state when to use, procedure, and pitfalls; vague “do everything” skills are risky.
- Scripts — Watch for
curl | bash, arbitrary downloads, or system changes inscripts/; heed CLI security scan warnings on install. - Network — Default outbound access and webhooks; be stricter on gateway / Telegram deployments.
- Secrets — Frontmatter
configfields; manage viahermes skills config, never plaintext secrets in SKILL.md. - Permissions — Enable per platform in
hermes skills config; keep dev-heavy skills on CLI, not wide-open on gateways.
Risk tiers: Green (read-only flow, no scripts) → safe to trial; Yellow (scripts, API keys) → inspect + isolated trial; Red (broad shell, unknown binaries) → skip unless you fully trust the maintainer.
5 2026 external skills worth inspecting first
These are search directions and review notes, not official rankings—IDs change; use hermes skills search on install day:
| Priority | Search terms / type | Best for | Review focus |
|---|---|---|---|
| P0 | 2–3 words tied to your core work | This week’s deliverables | Can bundled plan / PR skills cover it? |
| P1 | browser / playwright | Automation QA, competitor pages | Browser sandbox, credential isolation |
| P1 | mcp, composio | Multi-tool orchestration | Connector OAuth, least privilege |
| P2 | obsidian, defuddle | Research, knowledge capture | Local paths, backups |
| P2 | seo, youtube | Content pipelines | API quotas and compliance |
| P3 | Design, music, creative | Occasional output | Dependency size, GPU needs |
6 Browse the Hub by scenario
- Development —
k8s,react,pr,test; start with bundled PR/plan, then add stack-specific skills. - Content —
seo,blog,social; limit concurrent writing skills to avoid conflicting instructions. - Research —
arxiv(official),paper,defuddle; prefer read-only skills, fewer auto-post permissions. - Office / knowledge —
obsidian,calendar,email; check mail and calendar read/write scope. - Automation —
playwright,cron,webhook; plan alongsidehermes toolsenablement. - Security —
1password,audit; CLI-first, monthlyhermes skills check/audit.
7 Top 20 mindset and minimal install order
“Top 20” is not an install quota. A practical stack: bundled baseline (~5–8 is often enough) + P0 scene skills (2–3) + optional P1 (3–5) + experimental P2 (as needed)—usually 10–15 active skills total.
Suggested install order: ① hermes skills list inventory → ② fill official gaps (e.g. arxiv) → ③ P0 search + inspect → ④ install after green/yellow tiering → ⑤ hermes skills config to restrict gateway platforms → ⑥ run one real task → ⑦ monthly hermes skills check. New skills apply in new sessions; use /reset or --now on install for the current session.
| Phase | Action | Target count |
|---|---|---|
| Baseline | Confirm bundled + needed official | Do not duplicate Hub equivalents |
| P0 | inspect → install core work skills | 2–3 |
| P1 | Browser / MCP / testing | +3–5 |
| P2 | Content, design, media | On demand; uninstall when done |
| Maintenance | check / update / audit | Monthly |
8 Browse the Hub more comfortably on Mac mini
Hermes skills need a stable Unix host, long-running background services, and a recoverable ~/.hermes workspace. A Mac mini M4 draws little power and stays quiet for 24/7 hermes gateway plus local inspect and trial installs; macOS gives you Homebrew, SSH, and launchd without tying the agent to your daily laptop. Unified memory helps when local models and multiple skills run together; Gatekeeper and FileVault reduce impact from risky scripts. If you are building a dedicated Hermes box, Mac mini M4 remains the clearest value entry in 2026—see below for options.
Spend 15 minutes in the terminal on a disciplined Hub pass—not bookmarking install commands:
- 1Run
hermes skills listand note which task types are already covered - 2Search the Hub for this week’s real tasks;
inspectthree candidates - 3Label green / yellow / red with the seven criteria; install at most one yellow skill to trial
- 4Use
hermes skills configto disable high-risk skills on gateways - 5Add
hermes skills checkto your monthly calendar
Run Hermes Skills reliably on Mac mini
24/7 quiet operation · Safer local inspect and trials · Remote gateway and skill directory management. Keep your agent stack maintainable.