mirrors/hermes-agent
1
0
Fork 0
mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-18 04:41:56 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 6

feat(skills-hub): add huggingface/skills as trusted default tap (#2549)

Browse source 
Adds Hugging Face's official skill catalog to the default GitHub taps and
classifies it as a trusted source alongside openai/skills and anthropics/skills.

- tools/skills_guard.py: huggingface/skills -> TRUSTED_REPOS
- tools/skills_hub.py: GitHubSource.DEFAULT_TAPS += huggingface/skills (skills/)
- website/docs: list it under default taps + trusted-source examples

Closes #2549.

Co-authored-by: teknium1 <127238744+teknium1@users.noreply.github.com>
This commit is contained in:
kshitijk4poor 2026-05-15 01:20:24 -07:00 committed by Teknium
parent 0086cdaf93
commit e0e4856d46
4 changed files with 5 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

2
tools/skills_guard.py
View file

@ -36,7 +36,7 @@ from typing import List, Tuple
# Hardcoded trust configuration
# ---------------------------------------------------------------------------
TRUSTED_REPOS = {"openai/skills", "anthropics/skills"}
TRUSTED_REPOS = {"openai/skills", "anthropics/skills", "huggingface/skills"}
INSTALL_POLICY = {
# safe caution dangerous

1
tools/skills_hub.py
View file

@ -329,6 +329,7 @@ class GitHubSource(SkillSource):
DEFAULT_TAPS = [
{"repo": "openai/skills", "path": "skills/"},
{"repo": "anthropics/skills", "path": "skills/"},
{"repo": "huggingface/skills", "path": "skills/"},
{"repo": "VoltAgent/awesome-agent-skills", "path": "skills/"},
{"repo": "garrytan/gstack", "path": ""},
{"repo": "MiniMax-AI/cli", "path": "skill/"},

2
website/docs/developer-guide/creating-skills.md
View file

@ -360,7 +360,7 @@ All hub-installed skills go through a security scanner that checks for:
Trust levels:
- `builtin` — ships with Hermes (always trusted)
- `official` — from `optional-skills/` in the repo (builtin trust, no third-party warning)
- `trusted` — from openai/skills, anthropics/skills
- `trusted` — from openai/skills, anthropics/skills, huggingface/skills
- `community` — non-dangerous findings can be overridden with `--force`; `dangerous` verdicts remain blocked
Hermes can now consume third-party skills from multiple external discovery models:

3
website/docs/user-guide/features/skills.md
View file

@ -351,6 +351,7 @@ Hermes can install directly from GitHub repositories and GitHub-based taps. This
Default taps (browsable without any setup):
- [openai/skills](https://github.com/openai/skills)
- [anthropics/skills](https://github.com/anthropics/skills)
- [huggingface/skills](https://github.com/huggingface/skills)
- [VoltAgent/awesome-agent-skills](https://github.com/VoltAgent/awesome-agent-skills)
- [garrytan/gstack](https://github.com/garrytan/gstack)
@ -445,7 +446,7 @@ Important behavior:
|-------|--------|--------|
| `builtin` | Ships with Hermes | Always trusted |
| `official` | `optional-skills/` in the repo | Builtin trust, no third-party warning |
| `trusted` | Trusted registries/repos such as `openai/skills`, `anthropics/skills` | More permissive policy than community sources |
| `trusted` | Trusted registries/repos such as `openai/skills`, `anthropics/skills`, `huggingface/skills` | More permissive policy than community sources |
| `community` | Everything else (`skills.sh`, well-known endpoints, custom GitHub repos, most marketplaces) | Non-dangerous findings can be overridden with `--force`; `dangerous` verdicts stay blocked |
### Update lifecycle