How Hermes Agent Achieves Self‑Improving AI Through Memory, Skills, and Nudge Engine

Overview

Hermes Agent has risen rapidly on the OpenRouter leaderboard (+204% growth, top coding and productivity rankings, 106k+ GitHub stars). Developers praise it not because it is merely another OpenClaw clone, but because it can learn from its own executions.

Three‑Subsystem Closed Loop

The self‑improving capability is built on three tightly coupled subsystems: Memory , Skill , and the Nudge Engine . Together they form a feedback loop that extracts experience, stores it, and reminds the agent to reflect.

Memory Subsystem

Memory is a pair of plain‑text files under ~/.hermes/memories/:

~/.hermes/memories/
├── MEMORY.md    # Personal notes: environment facts, project conventions
└── USER.md      # User profile: preferences, communication style

Both files have strict character limits (2200 for MEMORY.md, 1375 for USER.md) to force the agent to keep only high‑density facts. The MemoryStore maintains a live list of entries and a snapshot taken at session start:

# tools/memory_tool.py:116-122
class MemoryStore:
    def __init__(self, memory_char_limit=2200, user_char_limit=1375):
        self.memory_entries: List[str] = []
        self.user_entries: List[str] = []
        self.memory_char_limit = memory_char_limit
        self.user_char_limit = user_char_limit
        self._system_prompt_snapshot: Dict[str, str] = {"memory": "", "user": ""}

If adding a new entry would exceed the limit, the operation fails and returns the current entries so the model can decide what to replace or remove:

# tools/memory_tool.py:248-259
if new_total > limit:
    current = self._char_count(target)
    return {
        "success": False,
        "error": f"Memory at {current:,}/{limit:,} chars. Adding this entry ({len(content)} chars) would exceed the limit. Replace or remove existing entries first.",
        "current_entries": entries,
        "usage": f"{current:,}/{limit:,}"
    }

When the session starts, load_from_disk reads the files and freezes a snapshot that is injected into the system prompt. Because the snapshot never changes during the conversation, the prompt can be cached (prefix cache), saving token cost.

# tools/memory_tool.py:124-140
def load_from_disk(self):
    mem_dir = get_memory_dir()
    self.memory_entries = self._read_file(mem_dir / "MEMORY.md")
    self.user_entries = self._read_file(mem_dir / "USER.md")
    self._system_prompt_snapshot = {
        "memory": self._render_block("memory", self.memory_entries),
        "user": self._render_block("user", self.user_entries),
    }

The prompt guidance explicitly tells the model to store declarative facts, not commands:

# agent/prompt_builder.py:144-162
MEMORY_GUIDANCE = (
    "You have persistent memory across sessions. Save durable facts using the memory tool: user preferences, environment details, tool quirks, and stable conventions.
"
    "Prioritize what reduces future user steering — the most valuable memory is one that prevents the user from having to correct or remind you again.
"
    "Write memories as declarative facts, not instructions to yourself. 'User prefers concise responses' ✓ — 'Always respond concisely' ✗.
"
    "'Project uses pytest with xdist' ✓ — 'Run tests with pytest -n 4' ✗."
)

Skill Subsystem

Each Skill is a directory under ~/.hermes/skills/ with a mandatory SKILL.md front‑matter file:

~/.hermes/skills/
├── devops/
│   └── flask-k8s-deploy/
│       ├── SKILL.md      # Main instruction
│       ├── references/   # Reference documents
│       └── templates/    # Template files
└── software-development/
    └── fix-pytest-fixtures/
        └── SKILL.md

A typical SKILL.md looks like:

---
name: flask-k8s-deploy
description: Deploy a Flask app to Kubernetes with health checks
version: 1.0.0
---
# Flask K8s Deployment
## When to use
- User wants to deploy a Flask/Python app to Kubernetes
- User mentions K8s, kubectl, or container deployment
## Steps
1. Create Dockerfile with gunicorn (not dev server)
2. Build and push image to registry BEFORE creating deployment
3. Write deployment.yaml with livenessProbe pointing to /health
4. Write service.yaml with correct port mapping
5. kubectl apply both files
6. Verify with kubectl get pods and kubectl logs
## Pitfalls
- MUST push image to registry first, otherwise ImagePullBackOff
- Flask has no /health endpoint by default; add it manually
- Django needs additional ALLOWED_HOSTS env variable
- livenessProbe path must return 200, cannot require authentication

The Pitfalls section is not pre‑written; it is appended automatically after the agent encounters a failure, illustrating the “self‑improving” aspect of Skills.

Skill creation is triggered by the skill_manage tool when certain thresholds are met (e.g., >5 tool calls, error recovery, user‑corrected approach). The schema defines the exact conditions:

# tools/skill_manager_tool.py:681-701
SKILL_MANAGE_SCHEMA = {
    "name": "skill_manage",
    "description": (
        "Manage skills (create, update, delete). Skills are your procedural memory — reusable approaches for recurring task types.
"
        "Create when: complex task succeeded (5+ calls), errors overcome, user‑corrected approach worked, non‑trivial workflow discovered, or user asks you to remember a procedure.
"
        "Update when: instructions stale/wrong, OS‑specific failures, missing steps or pitfalls found during use.
"
        "If you used a skill and hit issues not covered by it, patch it immediately with skill_manage(action='patch') — don't wait to be asked.
"
        "After difficult/iterative tasks, offer to save as a skill. Skip for simple one‑offs."
    ),
}

Comparison with OpenClaw

OpenClaw stores Skills as hand‑written markdown files and has no mechanism for automatic skill generation or patching. Consequently, after hundreds of deployments the agent repeats the same mistakes. Hermes, by contrast, automatically extracts failures into Skills and patches them, reducing tool calls from 12 to 6 in the examples below.

Nudge Engine

The Nudge Engine decides when the agent should reflect. Two counters operate at different granularities: memory_nudge_interval = 10 – trigger after every 10 user turns. skill_nudge_interval = 10 (configurable) – trigger after 10 tool‑call iterations.

When a counter reaches its threshold, a silent background agent is forked to review the conversation snapshot:

# run_agent.py:2665-2711
def _spawn_background_review(self, messages_snapshot, review_memory=False, review_skills=False):
    def _run_review():
        with open(os.devnull, "w") as _devnull, \
                contextlib.redirect_stdout(_devnull), \
                contextlib.redirect_stderr(_devnull):
            review_agent = AIAgent(
                model=self.model,
                max_iterations=8,
                quiet_mode=True,
            )
            review_agent._memory_store = self._memory_store
            review_agent._memory_enabled = self._memory_enabled
            review_agent._user_profile_enabled = self._user_profile_enabled
            # disable nudge in the review agent to avoid recursion
            review_agent._memory_nudge_interval = 0
            review_agent._skill_nudge_interval = 0
            review_agent.run_conversation(
                user_message=prompt,
                conversation_history=messages_snapshot,
            )
    thread = threading.Thread(target=_run_review, daemon=True)
    thread.start()

The review agent runs up to eight iterations, writes no output (redirected to /dev/null), and shares the same memory store so any modifications become visible to the main agent after the review finishes.

Review Prompts

Two prompt sets guide the review agent:

Memory Review – focuses on user preferences and personal facts.

Skill Review – focuses on non‑trivial problem‑solving steps.

Both end with the sentence “If nothing is worth saving, just say 'Nothing to save.' and stop.” to prevent unnecessary writes.

Full Case Study: Three Conversations

Conversation 1 – Cold Start (deploy a Flask app to Kubernetes)

Memory and Skills are empty.

12 tool calls, two errors: ImagePullBackOff (forgot to push image) and CrashLoopBackOff (livenessProbe path wrong).

Review agent creates flask-k8s-deploy Skill with steps and Pitfalls.

Conversation 2 – Skill Reuse + Patch (deploy a Django app)

Skill index now contains flask-k8s-deploy.

Agent loads the Skill, reuses most steps, but encounters a Django‑specific error (DisallowedHost).

Review agent patches the existing Skill by adding the new Pitfall and updates user profile with the registry address.

Tool calls drop to 9, errors drop to 1.

Conversation 3 – Zero Errors (deploy a FastAPI micro‑service)

All relevant facts (user, registry, cluster) are already in Memory; the patched Skill covers the needed steps.

Only 6 tool calls, no errors.

Summary table (converted from the original HTML):

Calls: 12 → 9 → 6

Errors: 2 → 1 → 0

Memory: none → written after 2nd run → used from start of 3rd run

Skill: created after 1st run → patched after 2nd run → reused fully in 3rd run

Design Trade‑offs

Memory limit (2200/1375 chars) forces compression, keeping only high‑value facts.

Declarative facts vs procedural steps – Memory stores “what”, Skill stores “how”.

Frozen snapshot preserves the prompt for the whole session, enabling prefix‑cache reuse and cost savings.

Background fork performs reflection without user interruption.

Configurable nudge interval balances learning opportunities against API cost.

Patch‑first strategy updates only the failing fragment instead of rewriting the whole Skill.

Security scans block malicious writes to Memory and Skill.

Security Mechanisms

Memory content is scanned for threat patterns before injection:

# tools/memory_tool.py:65-81
_MEMORY_THREAT_PATTERNS = [
    (r'ignore\s+(previous|all|above|prior)\s+instructions', "prompt_injection"),
    (r'do\s+not\s+tell\s+the\s+user', "deception_hide"),
    (r'system\s+prompt\s+override', "sys_prompt_override"),
    (r'curl\s+[^
]*\$\{?\w*(KEY|TOKEN|SECRET|PASSWORD)', "exfil_curl"),
    ...
]

Skill files undergo a similar scan:

# tools/skill_manager_tool.py:56-74
def _security_scan_skill(skill_dir):
    result = scan_skill(skill_dir, source="agent-created")
    allowed, reason = should_allow_install(result)
    if not allowed:
        report = format_scan_report(result)
        return f"Security scan blocked this skill ({reason}):
{report}"

If a scan fails, the write is rolled back, preventing the agent from persisting malicious content.

RDSHermes: Team‑Ready Extension

RDSHermes packages Hermes’s self‑improving core and adds cloud‑native governance:

Encrypted credential management – API keys are stored in a gateway and never touch the agent’s filesystem.

One‑click onboarding via a web console; no manual config.yaml editing.

WebUI for conversational interaction, plus built‑in IM gateway.

Skill Hub pre‑installs professional database skills (slow‑SQL diagnosis, index optimization, health checks).

Read‑only mode for production databases; the agent can query but cannot modify.

Audit trail – every write operation requires a second confirmation and is logged for compliance.

Feature comparison (open‑source Hermes vs RDSHermes):

Installation – CLI + manual config.yaml vs console one‑click.

Interface – terminal CLI vs built‑in WebUI.

Credential handling – plain environment variables vs encrypted gateway.

Skill management – agent‑created files on disk vs pre‑packaged Skill Hub.

Security – basic memory scan vs full credential encryption and audit.

Conclusion

Hermes Agent’s self‑improving loop (Memory + Skill + Nudge) makes the agent faster and more reliable the longer it is used: tool calls drop, errors disappear, and newly discovered pitfalls become part of the reusable knowledge base. Compared with OpenClaw, Hermes automatically turns failures into reusable Skills, turning “learning by trial” into “learning by reflection”. RDSHermes bundles these capabilities for teams, adding cloud‑native security, professional database Skills, and a collaborative UI, turning a developer‑centric engine into an enterprise‑ready AI assistant.