Security audit checklist for Hermes Agent — verify bindings, auth, version, and run doctor.
Run this security checklist when asked to verify Hermes is secured, similar to OpenClaw's security audit.
Check that all platform adapters bind to localhost (not exposed):

```bash
# Check platform adapter bindings
grep -rE "(host.*=|bind.*=|listen.*=|0\.0\.0\.0|127\.0\.0\.1)" ~/.hermes/hermes-agent/gateway/platforms/ | grep -v "__pycache__"
```

Expected:
- `DEFAULT_HOST = "127.0.0.1"`
- `127.0.0.1:8080`
- `127.0.0.1:{port}`
- `0.0.0.0` only where intentional for external callbacks

Red flag: unexpected `0.0.0.0` bindings appear for internal platforms.
Check authentication/authorization configuration:

```bash
# Check Telegram auth
grep "ALLOWED_USERS" ~/.hermes/.env
# Check approvals mode
grep -A2 "approvals:" ~/.hermes/config.yaml
# Check security settings
grep -A5 "security:" ~/.hermes/config.yaml
```

Expected:
- `TELEGRAM_ALLOWED_USERS` set to specific user ID(s), NOT empty or `*`
- `approvals.mode: false` (or `true`): know your stance
- `security.redact_secrets: true`
- `security.tirith_enabled: true`

Verify Hermes is up to date:
```bash
hermes --version
```
If outdated:
```bash
hermes update
```
Watch for merge conflicts during update — resolve and verify.
Run the built-in diagnostics:
```bash
hermes doctor --fix
```
Review output for:
Check for exposed secrets:
```bash
# Secrets should be redacted in logs
grep -E "(api_key|token|password|secret)" ~/.hermes/config.yaml | head -20
```
Sensitive values should use ${ENV_VAR} syntax, not hardcoded strings.
After audit, provide a summary like:
SECURITY SUMMARY
| Check | Status |
|-------|--------|
| Gateway bindings | SAFE — all local-only |
| Telegram auth | SECURED — user whitelist set |
| Secret redaction | ON |
| Tirith guardrails | ON |
| Approvals | OFF |
| Version | UP TO DATE |
[Notes about any issues found]
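The checks above, scripted end to end as an added example (this is not Hermes Agent's own code): it runs the binding, Telegram auth, security-setting and hardcoded-secret checks against a Hermes home and prints the summary table. It assumes the layout named in this checklist (`$HERMES_HOME/.env`, `config.yaml`, `hermes-agent/gateway/platforms/`); the `make_sample_home` fixture and its file names and values are constructed for trying it offline.

```shell
#!/bin/sh
# Added example, not part of Hermes Agent: scripts the checks from this checklist
# against a Hermes home and prints the summary table. Assumed layout (from the
# checklist): $HERMES_HOME/.env, config.yaml and hermes-agent/gateway/platforms/.
HERMES_HOME="${HERMES_HOME:-$HOME/.hermes}"
# 0 when no adapter sets host/bind/listen to 0.0.0.0; the checklist notes some
# 0.0.0.0 binds are intentional for external callbacks, so a hit means "review".
check_bindings() {
  ! grep -rE "(host|bind|listen).*=.*0\.0\.0\.0" "$1/hermes-agent/gateway/platforms" 2>/dev/null \
    | grep -v __pycache__ | grep -q .
}
# 0 when TELEGRAM_ALLOWED_USERS in .env is set, non-empty and not the wildcard "*".
check_allowed_users() {
  val=$(grep -E '^TELEGRAM_ALLOWED_USERS=' "$1/.env" 2>/dev/null | tail -1 | cut -d= -f2-)
  [ -n "$val" ] && [ "$val" != "*" ]
}
# 0 when "<key>: true" appears within 5 lines under "<section>:" in config.yaml
# (line-based, like the grep -A5 checks above; not a YAML parser).
config_true() {
  grep -A5 "^$2:" "$1/config.yaml" 2>/dev/null | grep -Eq "^[[:space:]]+$3:[[:space:]]*true[[:space:]]*$"
}
# 0 when every api_key/token/password/secret value in config.yaml uses ${ENV_VAR}.
check_secrets_not_hardcoded() {
  ! grep -E "(api_key|token|password|secret):" "$1/config.yaml" 2>/dev/null | grep -vF '${' | grep -q .
}
status() { "$@" && echo "SAFE" || echo "REVIEW"; }
audit_summary() {
  printf '%s\n' "SECURITY SUMMARY" "| Check | Status |" "|-------|--------|"
  printf '| Gateway bindings | %s |\n'  "$(status check_bindings "$1")"
  printf '| Telegram auth | %s |\n'     "$(status check_allowed_users "$1")"
  printf '| Secret redaction | %s |\n'  "$(status config_true "$1" security redact_secrets)"
  printf '| Tirith guardrails | %s |\n' "$(status config_true "$1" security tirith_enabled)"
  printf '| Hardcoded secrets | %s |\n' "$(status check_secrets_not_hardcoded "$1")"
}
# Writes a constructed sample home under $1 (secure when $2 is "secure") to try this on.
make_sample_home() {
  p="$1/hermes-agent/gateway/platforms"; mkdir -p "$p"
  if [ "$2" = secure ]; then
    echo 'TELEGRAM_ALLOWED_USERS=123456789' > "$1/.env"
    printf 'security:\n  redact_secrets: true\n  tirith_enabled: true\nllm:\n  api_key: ${LLM_API_KEY}\n' > "$1/config.yaml"
    echo 'DEFAULT_HOST = "127.0.0.1"' > "$p/sample_adapter.py"
  else
    echo 'TELEGRAM_ALLOWED_USERS=' > "$1/.env"
    printf 'security:\n  redact_secrets: false\nllm:\n  api_key: sk-constructed-sample\n' > "$1/config.yaml"
    echo 'host = "0.0.0.0"' > "$p/sample_adapter.py"
  fi
}
# Usage: HERMES_HOME=~/.hermes sh hermes_audit.sh run
case "${1:-}" in run) audit_summary "$HERMES_HOME" ;; esac
```

Version and approvals are left to `hermes --version` and the `approvals:` grep above, since the right approvals stance is a policy choice rather than a pass/fail check.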
If TELEGRAM_ALLOWED_USERS is not set or empty:
```bash
# Add to ~/.hermes/.env
echo "TELEGRAM_ALLOWED_USERS=YOUR_USER_ID" >> ~/.hermes/.env
# Restart gateway
```
If dangerous commands run without approval:
# In ~/.hermes/config.yaml