For most people, "using AI" still means a chat window. You open a tab, type a question, read the answer, close the tab. Useful — but it has a ceiling. The model forgets you the moment you leave, it can't reach into your actual tools, and every single thing it does, you have to ask for, one prompt at a time.
There's a quieter shift happening underneath that, and it's the one worth paying attention to. Instead of visiting an AI in a browser, a growing crowd of people now run one — a personal, always-on AI agent that lives on their own machine, plugs into their chat apps and files, retains what it picks up, and gets on with work without being babysat. Agentic AI is the new frontier.
Two open-source projects sit at the front of this movement: OpenClaw and Hermes Agent — two of the most prominent open-source agentic AI frameworks of 2026. Both live at the consumer end of the spectrum: personal, autonomous agents you run for yourself, rather than the enterprise systems wired deep into a company's stack. They look like competitors, and in a sense they are. But the more interesting thing is what they reveal about two different beliefs about what a personal agent is actually for — and, having run both, where one of them will quietly get you into trouble.
This isn't a spec-sheet shoot-out with a trophy at the end. It's a map of the category, drawn through its two best examples, so that by the end you can tell which philosophy fits you — and what it really costs to run either one safely.
What a "personal self-hosted agent" actually is
Before pitting the two against each other, it's worth being precise about the thing they both are, because the category is new enough that the words slide around.
A personal self-hosted agent is built from four parts, and once you can see them, every tool in this space looks the same underneath:
- A gateway. One process that runs on your computer or a server you control. It's the switchboard — it holds your sessions, your settings, and your connections, and it's the thing that's "always on."
- Channels. The surfaces you actually talk to it through. Both OpenClaw and Hermes connect to twenty-odd messaging platforms — WhatsApp, Telegram, Slack, Discord, Signal, iMessage, email — so the agent meets you where you already are rather than in yet another app.
- Skills. Reusable packets of know-how. A skill teaches the agent how to do a recurring job — review a document, post to a channel, scrape a site — so it doesn't have to work the approach out from scratch each time.
- Memory. What survives between conversations. This is the line between a tool and an assistant: a chatbot starts every session blank; an agent retains who you are, what you asked last week, and what worked.
Put those together and you get something categorically different from a chatbot. It runs in the background. It can act across your tools. It accumulates context about you and your work. And — this is the part people underestimate — it can take actions in the real world on its own, which is exactly what makes it powerful and exactly what makes it risky.
A chatbot answers when spoken to. A personal agent keeps a key to your house. That single fact should colour every decision you make about which one to run.
Hold those four parts in mind. The whole OpenClaw-versus-Hermes question is really a question of which beliefs each project has about how they should work.
OpenClaw in one read
OpenClaw started life under other names — it was Clawdbot, then MoltBot, before settling on OpenClaw — and grew out of a community project led by Peter Steinberger, built around "Molty," a space-lobster mascot that tells you a lot about the project's personality. It's MIT-licensed, built on Node and TypeScript, and you install it with a single npm install -g openclaw.
Its core belief is that a personal agent should be a polished assistant you can reach from anywhere, on any device. That shows up in where the project spends its effort. OpenClaw has companion apps for macOS, iOS and Android, voice-wake and talk modes, and a "Live Canvas" where the agent can build a visual workspace in front of you. Its list of supported channels is genuinely enormous. Skills live as SKILL.md files in your workspace and are shared through a community registry called ClawHub, and the agent's character is shaped by a few prompt files — AGENTS.md, SOUL.md, TOOLS.md — that you can edit directly.
If you want the impression in one line: OpenClaw is the consumer-grade personal assistant of this category — the most surfaces, the most polish, the most "message it from your phone and it just works" energy. It is, deservedly, the project that made a lot of people believe in this idea in the first place.
It is also, as I'll get to, the one I'd hand to the fewest people without a serious warning attached.
Hermes Agent in one read
Hermes Agent comes from a very different place: it was released in February 2026 by Nous Research, an AI research lab, and that lineage is stamped all over it. It's MIT-licensed, Python-first, and installs from a single command on Linux, macOS or WSL2.
Its core belief is that a personal agent should be one that learns and compounds — that gets more capable the longer it runs, rather than starting fresh each time. This is the project's headline and its genuine differentiator. Hermes has what it calls a learning loop: it curates its own memory, generates new skills from experience, refines those skills while it uses them, and recalls past work through full-text search with summarisation. There's even research-lab DNA in the details — it can generate training data from its own work, and integrates with the Model Context Protocol for external tools.
The other thing Hermes takes seriously is where it runs and how safely. It'll run locally, in Docker, over SSH, or on serverless backends like Modal and Daytona that hibernate when idle. And crucially, it ships with command approval, authorisation gates, and container isolation as part of how it operates — guardrails that are present by design rather than bolted on later.
One telling detail: Hermes includes a migration command, hermes claw migrate, that imports your setup from OpenClaw. A project doesn't build a one-way migration tool out of its main rival unless it's deliberately positioning itself as the place OpenClaw users graduate to. That's worth noticing.
In one line: Hermes is the research-grade personal agent — less about being on every device, more about being an agent that improves itself and runs on sane defaults.
Head-to-head
Here's the comparison at a glance, then the dimensions that actually matter.
OpenClawHermes Agent
Origin
Community project (Peter Steinberger); formerly Clawdbot/MoltBot
Nous Research (AI lab), February 2026
Stack
Node / TypeScript
Python-first
Core idea
Polished personal assistant across every device and channel
Self-improving agent that compounds over time
Memory & skills
SKILL.md files; ClawHub registry
Agent-curated memory, autonomous skill generation and refinement, full-text recall
Surface area
Companion apps, voice wake, Live Canvas, 20+ channels
CLI/TUI plus 20+ channels; serverless backends
Portability
Local-first, always-on daemon
Local, Docker, SSH, or serverless (Modal/Daytona)
Trust model
Open and trusting by default
Command approval, authorisation, container isolation built in
Licence
MIT
MIT
Tell
npm install -g openclaw
hermes claw migrate (imports from OpenClaw)
Philosophy. OpenClaw optimises for reach and polish — be everywhere, feel effortless. Hermes optimises for compounding capability and safer operation. Neither is wrong; they're answers to different questions.
Memory and learning. This is Hermes's clearest lead. OpenClaw retains context and uses skills, but Hermes treats getting better over time as the whole point — generating and sharpening its own skills as it works. If you want an agent that's meaningfully more useful in month three than in week one, that gap matters.
Surface area. OpenClaw wins on sheer presence. Voice, mobile apps, the Live Canvas, the longest channel list — if you want an assistant that's genuinely ambient across your devices, it's ahead.
Infrastructure. Hermes is more flexible about where it lives, and its serverless, hibernate-when-idle option is a real cost and ops advantage if you don't want a machine running 24/7.
Ecosystem. Both share more than it first appears, because skills are portable — hermes claw migrate means OpenClaw's skill ecosystem isn't exclusively OpenClaw's. That cuts both ways, as the next section explains.
🧠 Quick Challenge: True or false — because both OpenClaw and Hermes are self-hosted (they run on your own machine), your data and system are inherently secure.
- A) True
- B) False
Answer: B) False. Self-hosting means your data stays on infrastructure you control — a genuine privacy win — but it says nothing about whether the agent is safe. As we noted up top, a personal agent "keeps a key to your house": it can act on its own, across your tools, with your credentials. Privacy and security are two different problems — and the next section is about the second one.
The part nobody warns you about: OpenClaw's trust problem
Everything above is the brochure. Here's what I learned actually running this stuff.
OpenClaw's greatest strength — its open, trusting, anything-goes nature — is also its most serious liability. Out of the box, it is insecure. It's built to be permissive: connect anything, install any skill, let the agent reach your files and shell. That's wonderful for tinkering and genuinely dangerous the moment it's exposed to the real world, where the agent holds credentials and can act without you watching.
Getting an OpenClaw deployment actually secure is not a weekend job. It's a gargantuan task, and an expert one — sandboxing properly, locking down channels and pairing, constraining what the agent and its skills can touch, keeping the attack surface from quietly creeping back open with every new plugin. I've watched the market price this in: specialist services for a hardened, custom OpenClaw install run as high as £4,000. That number alone should tell you this isn't the friendly set-and-forget assistant the mascot implies.
Then there's the skill registry. ClawHub is full of community skills, and I found a meaningful share of them laced with nefarious behaviour — and not only the obviously sketchy ones. Some skills marked "safe" weren't. A "safe" label is a claim, not a guarantee, and on a system where a skill can run your shell and read your files, trusting that label is how people get burned. And because skills migrate cleanly into Hermes, importing someone else's setup means importing their risks along with it — a hardened agent running a compromised skill is still compromised.
On a personal agent, a skill isn't a feature you try — it's code you've granted access to your machine. Vet it like you'd vet a stranger you're handing your keys.
This is exactly why I built review-my-agent, an OpenClaw skill that lints agent instruction files before you trust them. It scores a SOUL.md or SKILL.md across seven dimensions — clarity, completeness, conflicts, voice, guardrails and injection defence, token efficiency, and structure — and hands back the top issues with quoted text, diagnoses, rewrites, and stress-test prompts that try to break the agent. It won't replace real security engineering, but it turns "I hope this skill is fine" into "here's what this skill actually tells the agent to do" — which is the question you should be asking before anything reaches your shell.
None of this means don't run OpenClaw. It means run it with your eyes open, and budget — in time, money, or both — for the security work the polish quietly hides.
The deeper point
Step back from the feature lists and there's something bigger going on here, and it's the reason this comparison belongs on a site about going from AI user to AI builder.
The person running a personal agent isn't prompting any more. They're operating. They're deciding what the agent can touch, writing or vetting the skills it runs, designing the guardrails, choosing where it lives and what it retains. That's a different posture entirely from typing into a chat box — it's closer to managing a capable, slightly reckless new hire than to using a tool.
That posture is the whole game. The interesting question stops being "what can AI do?" and becomes "what am I willing to build, trust, and be responsible for?" Both OpenClaw and Hermes are on-ramps to that shift. The difference is that one of them hands you the keys with a smile and assumes you know what you're doing, while the other assumes you might not — and that distinction is, in the end, the one that should decide your choice.
How to choose
There's no universal winner here, and anyone who tells you otherwise is selling something. Choose against your own situation.
Choose OpenClaw if you want the most polished, ambient assistant — voice, mobile apps, presence across every channel — you're comfortable in the JavaScript ecosystem, and you (or someone you pay) can do the security work properly. It is not a set-and-forget tool. Treat it as a powerful platform that demands real operational discipline, and it's superb. Treat it as a friendly mascot, and it'll eventually bite.
Choose Hermes if you want safer defaults, lower ops burden, and an agent that compounds — one that learns and improves the longer it runs. It's the more pragmatic default for most people who aren't security specialists, and the migration path means you don't lose your OpenClaw skills getting there. The Python-first stack and serverless options are a bonus if they fit how you work.
Whichever you pick, the non-negotiable is the same: vet every skill before you trust it. A personal agent is the most capable software most people will ever run on their own machine, and capability without scrutiny is just exposure. That's the discipline that separates someone operating an agent from someone who's about to learn an expensive lesson.
Frequently asked questions
Can I run OpenClaw and Hermes at the same time? Technically yes — they're separate processes — but there's little reason to. Pick the philosophy that fits you. If you start on OpenClaw and outgrow it, hermes claw migrate brings your setup across.
Do I need to be a developer to use these? To use one casually through a chat app, no. To run one safely, effectively yes — or you'll need to pay someone who can. Both are powerful enough that the gap between "got it working" and "got it working securely" is wide, and that gap is where the risk lives.
Are they actually free? The software is open-source and MIT-licensed, so yes. But you still pay for the AI model behind it (both work with most major providers), for whatever you run the gateway on, and — especially with OpenClaw — potentially for the security work to harden it.
Is one more private than the other? Both are self-hosted, which is the privacy win: your data stays on infrastructure you control rather than a vendor's servers. But self-hosted isn't the same as secure. Hermes's built-in approval and isolation give you a safer starting point; OpenClaw gives you far more freedom — including enough to do real damage if you're careless.
What's the single most important thing to get right? Skill hygiene. On either platform, the skills you install are code with access to your machine. Vet them — that's the entire reason I built review-my-agent. Everything else is preference; this one's safety.
Ready to run your own AI agent without handing over the keys? Our Learning Paths take you from prompting in a chat window to operating agents you actually understand — guardrails included.