Crypto OG, why has the Hermes Agent emerged as the top challenger to OpenClaw?

By: blockbeats|2026/04/09 18:00:03

On February 25, 2026, Nous Research released Hermes Agent v0.1.0. By April 8, 42 days later, the project had reached v0.8.0: 8 major versions, hundreds of merged PRs, and 242 contributors. During the same period, OpenClaw, the hottest open-source AI Agent project on GitHub, reached 346,000 stars but also accumulated 138 security vulnerabilities in 63 days.

Two growth curves are rising simultaneously, but what is rising is entirely different.

From going live on January 29 to surpassing React as the most starred software project in GitHub's history on March 3, OpenClaw took only 33 days. According to OpenClaw Statistics, during its peak, it gained 34,168 stars in 48 hours, equivalent to 710 stars per hour. For comparison, Kubernetes took about three years to reach 100,000 stars.


However, according to tracking by the Blink Security Blog, security researchers were disclosing CVEs at a rate of 2.2 per day during the same time window. Within 63 days, a total of 138 were disclosed, including 7 critical (CVSS 9.0 or above) and 49 high, together accounting for 41%. The most destructive is CVE-2026-25253, a zero-click remote code execution vulnerability rated at 8.8 CVSS. Attackers only need to have a user visit a malicious webpage to steal authentication tokens through a WebSocket gateway, gaining full control of the user's Agent. According to Shodan scanning data, over 42,000 OpenClaw instances were exposed on the internet in February, with 63% not having gateway authentication enabled.

On February 14, OpenClaw founder Peter Steinberger announced joining OpenAI, transferring the project to an open-source foundation. Subsequently, the frequency of security issue disclosures further accelerated.

This sets the stage for the debut of the Hermes Agent. It's not a quiet race but a market where trust is eroding. However, considering Hermes solely as an "OpenClaw alternative" would miss more critical information. These two projects have fundamental architectural divergences.

An OpenClaw skill is a static Markdown file, hand-written by the user and distributed through the ClawHub marketplace. According to the Snyk security team's February audit, out of 5,700 skills on ClawHub, 1,467 have been confirmed as malicious, covering credential theft, crypto mining, persistent backdoors, and prompt injection. 91% of them mix prompt injection with traditional malware techniques. The highest installation count for a single malicious skill exceeds 340,000.

The Hermes Agent took a completely different path. Its skills are not written by users but generated by the Agent itself. After completing a complex task (usually involving 5 or more tool invocations), Hermes refines the execution experience into reusable skill documents that follow the agentskills.io open standard and are stored as structured Markdown. When it encounters similar tasks later on, the Agent automatically invokes and optimizes these skills. Every 15 tasks trigger a reflective loop to assess which skills are effective and which need improvement.

The memory system is also fundamentally different. OpenClaw relies on three plain text files (SOUL.md for personality, MEMORY.md for notes, USER.md for user profile) and requires manual configuration for cross-session memory. Hermes features a built-in layered persistence architecture: a persistent note layer, FTS5 full-text search, Honcho user modeling, and hot/cold storage segregation, with support for 6 pluggable backends. Users don't need to manage anything manually; the Agent decides what to remember and forget.

The difference in the security model is more direct. Security researchers have described OpenClaw's default security configuration as "weak": gateway authentication is off by default and skill execution has no sandbox isolation. From day one, Hermes has had built-in prompt injection scanning, credential filtering, context scanning, and container hardening (read-only root filesystem + capability dropping). As of April 9, the Hermes Agent has no publicly known CVE records.
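To check whether an agent container actually has the two hardening properties named above, the following added example (not Hermes or OpenClaw code) audits the JSON that `docker inspect <container>` prints. The container names and both sample documents are constructed for illustration; the `HostConfig` field names are Docker's.

```javascript
// Added example: audit `docker inspect` output for a read-only root
// filesystem and dropped capabilities.
function auditContainer(inspectJson) {
  const [c] = JSON.parse(inspectJson);
  const h = c.HostConfig || {};
  const drop = (h.CapDrop || []).map((x) => String(x).toUpperCase());
  const add = h.CapAdd || [];
  const issues = [];
  // --privileged grants every capability, so it defeats the other controls.
  if (h.Privileged) issues.push('privileged mode');
  if (!h.ReadonlyRootfs) issues.push('root filesystem is writable');
  if (!drop.includes('ALL')) issues.push('capabilities not dropped (no CapDrop ALL)');
  if (add.length) issues.push(`capabilities added back: ${add.join(', ')}`);
  return { name: c.Name, issues, hardened: issues.length === 0 };
}

// Constructed sample: a container started with default-like settings.
const WEAK = JSON.stringify([{
  Name: '/agent-default',
  HostConfig: { Privileged: false, ReadonlyRootfs: false, CapDrop: null, CapAdd: ['SYS_ADMIN'] },
}]);

// Constructed sample: started with `docker run --read-only --cap-drop=ALL ...`.
const HARDENED = JSON.stringify([{
  Name: '/agent-hardened',
  HostConfig: { Privileged: false, ReadonlyRootfs: true, CapDrop: ['ALL'], CapAdd: null },
}]);

for (const doc of [WEAK, HARDENED]) {
  const r = auditContainer(doc);
  console.log(r.name, r.hardened ? 'hardened' : `FAIL: ${r.issues.join('; ')}`);
}
```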

In simple terms, OpenClaw is a "toolbox" where you tell it how to do things. Hermes is a "growing assistant" that learns how to do things better through experience.

The iteration cadence also speaks for itself. In the 42 days from Hermes Agent v0.1.0 to v0.8.0, a single version, v0.2.0, merged 216 PRs, resolved 119 issues, integrated with 7 messaging platforms, and wrote 3,289 tests. According to GitHub data, 27,000 stars correspond to 242 contributors, a contributor-to-star ratio of about 1:111, meaning that for every 111 followers there is 1 writing code, a much higher community engagement density than OpenClaw's.

More noteworthy is the team behind Hermes. Nous Research is not a sudden startup. Starting from a Discord community in 2022, they took three years to become one of the most influential players in the open-source AI model space. According to HuggingFace data, the Hermes model series has been downloaded over 33 million times. From Hermes 1 in 2023 (LLaMA 13B fine-tuning, top-ranked in multiple benchmarks) to Hermes 4 in 2025 (70B parameters), and now Hermes Agent, this line is consistent: first the model, then the Agent, with the model's capabilities forming the foundation of the Agent's capabilities.

Their roots are in web3. CEO Jeffrey Quesnelle previously served as the Chief Engineer of the Ethereum MEV infrastructure project Eden Network. In January 2024, the seed round was led by Distributed Global and OSS Capital, with personal investment from Solana co-founder Raj Gokal. In April 2025, one of the largest crypto venture capital funds, Paradigm, led a $50 million Series A, with a token valuation of $1 billion. Note that it is a token valuation, not a traditional equity valuation.

This means Nous Research is web3-native in both governance structure and technical architecture. Their Psyche network is built on the Solana blockchain and is a decentralized AI training infrastructure. The Hermes 4.3 released in December 2025 is the first model trained entirely on the Psyche network, using distributed consumer-grade GPUs worldwide, instead of relying on centralized data centers.

The web3 team's impact on the AI community is not an isolated case. On March 31, an engineer named Chaofan Shou discovered the source code leak of Anthropic Claude Code. The absence of a .npmignore file led to the public release of 512,000 lines of TypeScript code on npm. According to VentureBeat, the mirror repository after the leak received 100,000 stars within 24 hours. Chaofan Shou's other identity is engineer at Solayer Labs and co-founder of the blockchain security company Fuzzland: a web3 security researcher who dropped out of UC Berkeley caused one of the biggest code leak events in the AI community in 2026.
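A pre-publish gate for this failure mode, as an added example that is not code from any project named here: it reads the file list that `npm pack --dry-run --json` reports and refuses to publish when source maps, TypeScript sources or environment files would land in the tarball. The package name, file lists and deny patterns are constructed assumptions.

```javascript
// Added example. Deny-list of file kinds that should not reach the registry.
// Assumption: the patterns are illustrative; tune them per project.
const DENY = [
  { re: /\.map$/, why: 'source map (can embed original sources)' },
  { re: /(?<!\.d)\.tsx?$/, why: 'TypeScript source' },   // .d.ts typings are allowed
  { re: /(^|\/)\.env(\..*)?$/, why: 'environment file' },
];

// packJson: stdout of `npm pack --dry-run --json`; pkg: parsed package.json.
function auditPack(packJson, pkg) {
  const [entry] = JSON.parse(packJson);
  const findings = [];
  for (const f of entry.files) {
    const hit = DENY.find((d) => d.re.test(f.path));
    if (hit) findings.push({ path: f.path, size: f.size, why: hit.why });
  }
  return {
    id: `${entry.name}@${entry.version}`,
    // With no "files" allowlist and no .npmignore, npm falls back to
    // .gitignore and ships everything that file does not exclude.
    hasAllowlist: Array.isArray(pkg.files) && pkg.files.length > 0,
    findings,
    ok: findings.length === 0,
  };
}

// Constructed sample data in the shape npm prints (not from any real package).
const file = (path, size) => ({ path, size, mode: 420 });
const SAMPLE_PACK = JSON.stringify([{ name: 'example-cli', version: '1.0.0', files: [
  file('package.json', 412), file('dist/cli.js', 90210),
  file('dist/cli.js.map', 5120000), file('dist/index.d.ts', 800),
  file('src/cli.ts', 40000), file('.env.local', 64),
] }]);
// Same package after adding "files": ["dist/**/*.js", "dist/**/*.d.ts"].
const SAMPLE_PACK_FIXED = JSON.stringify([{ name: 'example-cli', version: '1.0.1', files: [
  file('package.json', 412), file('dist/cli.js', 90210), file('dist/index.d.ts', 800),
] }]);

const before = auditPack(SAMPLE_PACK, { name: 'example-cli' });
const after = auditPack(SAMPLE_PACK_FIXED, { files: ['dist/**/*.js', 'dist/**/*.d.ts'] });
for (const f of before.findings) console.log(`BLOCK ${f.path}: ${f.why}`);
console.log(before.id, before.ok ? 'ok' : 'refuse to publish');
console.log(after.id, after.ok ? 'ok' : 'refuse to publish');
```

An explicit `files` allowlist in package.json is the safer control, because new files stay out of the tarball until someone lists them.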

What Nous Research did is essentially similar: transplanting the methodology trained by the web3 community (open source first, decentralized governance, community-driven iteration) to the AI Agent infrastructure layer. The rapid iteration pace of Hermes Agent with 8 major versions in 42 days is to some extent a product of this methodology.

OpenClaw's security crisis was a catalyst, but not the reason. The real variable is how an AI Agent should be constructed. Should it provide users with a toolbox for them to assemble on their own, or should it build a system that can learn and evolve on its own? Nous Research spent three years and 33 million model downloads answering the latter question, and then turned the answer into a product in 42 days.
