mirror of https://github.com/NousResearch/hermes-agent.git synced 2026-05-18 04:41:56 +00:00

docs: deep audit — fix stale config keys, missing commands, and registry drift (#22784 )

* docs: deep audit — fix stale config keys, missing commands, and registry drift

Cross-checked ~80 high-impact docs pages (getting-started, reference, top-level
user-guide, user-guide/features) against the live registries:

  hermes_cli/commands.py    COMMAND_REGISTRY (slash commands)
  hermes_cli/auth.py        PROVIDER_REGISTRY (providers)
  hermes_cli/config.py      DEFAULT_CONFIG (config keys)
  toolsets.py               TOOLSETS (toolsets)
  tools/registry.py         get_all_tool_names() (tools)
  python -m hermes_cli.main <subcmd> --help (CLI args)

reference/
- cli-commands.md: drop duplicate hermes fallback row + duplicate section,
  add stepfun/lmstudio to --provider enum, expand auth/mcp/curator subcommand
  lists to match --help output (status/logout/spotify, login, archive/prune/
  list-archived).
- slash-commands.md: add missing /sessions and /reload-skills entries +
  correct the cross-platform Notes line.
- tools-reference.md: drop bogus '68 tools' headline, drop fictional
  'browser-cdp toolset' (these tools live in 'browser' and are runtime-gated),
  add missing 'kanban' and 'video' toolset sections, fix MCP example to use
  the real mcp_<server>_<tool> prefix.
- toolsets-reference.md: list browser_cdp/browser_dialog inside the 'browser'
  row, add missing 'kanban' and 'video' toolset rows, drop the stale
  '38 tools' count for hermes-cli.
- profile-commands.md: add missing install/update/info subcommands, document
  fish completion.
- environment-variables.md: dedupe GMI_API_KEY/GMI_BASE_URL rows (kept the
  one with the correct gmi-serving.com default).
- faq.md: Anthropic/Google/OpenAI examples — direct providers exist (not just
  via OpenRouter), refresh the OpenAI model list.

getting-started/
- installation.md: PortableGit (not MinGit) is what the Windows installer
  fetches; document the 32-bit MinGit fallback.
- installation.md / termux.md: installer prefers .[termux-all] then falls
  back to .[termux].
- nix-setup.md: Python 3.12 (not 3.11), Node.js 22 (not 20); fix invalid
  'nix flake update --flake' invocation.
- updating.md: 'hermes backup restore --state pre-update' doesn't exist —
  point at the snapshot/quick-snapshot flow; correct config key
  'updates.pre_update_backup' (was 'update.backup').

user-guide/
- configuration.md: api_max_retries default 3 (not 2); display.runtime_footer
  is the real key (not display.runtime_metadata_footer); checkpoints defaults
  enabled=false / max_snapshots=20 (not true / 50).
- configuring-models.md: 'hermes model list' / 'hermes model set ...' don't
  exist — hermes model is interactive only.
- tui.md: busy_indicator -> tui_status_indicator with values
  kaomoji|emoji|unicode|ascii (not kawaii|minimal|dots|wings|none).
- security.md: SSH backend keys (TERMINAL_SSH_HOST/USER/KEY) live in .env,
  not config.yaml.
- windows-wsl-quickstart.md: there is no 'hermes api' subcommand — the
  OpenAI-compatible API server runs inside hermes gateway.

user-guide/features/
- computer-use.md: approvals.mode (not security.approval_level); fix broken
  ./browser-use.md link to ./browser.md.
- fallback-providers.md: top-level fallback_providers (not
  model.fallback_providers); the picker is subcommand-based, not modal.
- api-server.md: API_SERVER_* are env vars — write to per-profile .env,
  not 'hermes config set' which targets YAML.
- web-search.md: drop web_crawl as a registered tool (it isn't); deep-crawl
  modes are exposed through web_extract.
- kanban.md: failure_limit default is 2, not '~5'.
- plugins.md: drop hard-coded '33 providers' count.
- honcho.md: fix unclosed quote in echo HONCHO_API_KEY snippet; document
  that 'hermes honcho' subcommand is gated on memory.provider=honcho;
  reconcile subcommand list with actual --help output.
- memory-providers.md: legacy 'hermes honcho setup' redirect documented.

Verified via 'npm run build' — site builds cleanly; broken-link count went
from 149 to 146 (no regressions, fixed a few in passing).

* docs: round 2 audit fixes + regenerate skill catalogs

Follow-up to the previous commit on this branch:

Round 2 manual fixes:
- quickstart.md: KIMI_CODING_API_KEY mentioned alongside KIMI_API_KEY;
  voice-mode and ACP install commands rewritten — bare 'pip install ...'
  doesn't work for curl-installed setups (no pip on PATH, not in repo
  dir); replaced with 'cd ~/.hermes/hermes-agent && uv pip install -e
  ".[voice]"'. ACP already ships in [all] so the curl install includes it.
- cli.md / configuration.md: 'auxiliary.compression.model' shown as
  'google/gemini-3-flash-preview' (the doc's own claimed default);
  actual default is empty (= use main model). Reworded as 'leave empty
  (default) or pin a cheap model'.
- built-in-plugins.md: added the bundled 'kanban/dashboard' plugin row
  that was missing from the table.

Regenerated skill catalogs:
- ran website/scripts/generate-skill-docs.py to refresh all 163 per-skill
  pages and both reference catalogs (skills-catalog.md,
  optional-skills-catalog.md). This adds the entries that were genuinely
  missing — productivity/teams-meeting-pipeline (bundled),
  optional/finance/* (entire category — 7 skills:
  3-statement-model, comps-analysis, dcf-model, excel-author, lbo-model,
  merger-model, pptx-author), creative/hyperframes,
  creative/kanban-video-orchestrator, devops/watchers,
  productivity/shop-app, research/searxng-search,
  apple/macos-computer-use — and rewrites every other per-skill page from
  the current SKILL.md. Most diffs are tiny (one line of refreshed
  metadata).

Validation:
- 'npm run build' succeeded.
- Broken-link count moved 146 -> 155 — the +9 are zh-Hans translation
  shells that lag every newly-added skill page (pre-existing pattern).
  No regressions on any en/ page.

2026-05-09 13:19:51 -07:00

6.5 KiB

Raw Blame History

title	sidebar_label	description
Sherlock — OSINT username search across 400+ social networks	Sherlock	OSINT username search across 400+ social networks

{/* This page is auto-generated from the skill's SKILL.md by website/scripts/generate-skill-docs.py. Edit the source SKILL.md, not this page. */}

Sherlock

OSINT username search across 400+ social networks. Hunt down social media accounts by username.

Skill metadata


Source	Optional — install with `hermes skills install official/security/sherlock`
Path	`optional-skills/security/sherlock`
Version	`1.0.0`
Author	unmodeled-tyler
License	MIT
Platforms	linux, macos, windows
Tags	`osint`, `security`, `username`, `social-media`, `reconnaissance`

Reference: full SKILL.md

:::info The following is the complete skill definition that Hermes loads when this skill is triggered. This is what the agent sees as instructions when the skill is active. :::

Sherlock OSINT Username Search

Hunt down social media accounts by username across 400+ social networks using the Sherlock Project.

When to Use

User asks to find accounts associated with a username
User wants to check username availability across platforms
User is conducting OSINT or reconnaissance research
User asks "where is this username registered?" or similar

Requirements

Sherlock CLI installed: pipx install sherlock-project or pip install sherlock-project
Alternatively: Docker available (docker run -it --rm sherlock/sherlock)
Network access to query social platforms

Procedure

1. Check if Sherlock is Installed

Before doing anything else, verify sherlock is available:

sherlock --version

If the command fails:

Offer to install: pipx install sherlock-project (recommended) or pip install sherlock-project
Do NOT try multiple installation methods — pick one and proceed
If installation fails, inform the user and stop

2. Extract Username

Extract the username directly from the user's message if clearly stated.

Examples where you should NOT use clarify:

"Find accounts for nasa" → username is nasa
"Search for johndoe123" → username is johndoe123
"Check if alice exists on social media" → username is alice
"Look up user bob on social networks" → username is bob

Only use clarify if:

Multiple potential usernames mentioned ("search for alice or bob")
Ambiguous phrasing ("search for my username" without specifying)
No username mentioned at all ("do an OSINT search")

When extracting, take the exact username as stated — preserve case, numbers, underscores, etc.

3. Build Command

Default command (use this unless user specifically requests otherwise):

sherlock --print-found --no-color "<username>" --timeout 90

Optional flags (only add if user explicitly requests):

--nsfw — Include NSFW sites (only if user asks)
--tor — Route through Tor (only if user asks for anonymity)

Do NOT ask about options via clarify — just run the default search. Users can request specific options if needed.

4. Execute Search

Run via the terminal tool. The command typically takes 30-120 seconds depending on network conditions and site count.

Example terminal call:

{
  "command": "sherlock --print-found --no-color \"target_username\"",
  "timeout": 180
}

5. Parse and Present Results

Sherlock outputs found accounts in a simple format. Parse the output and present:

Summary line: "Found X accounts for username 'Y'"
Categorized links: Group by platform type if helpful (social, professional, forums, etc.)
Output file location: Sherlock saves results to <username>.txt by default

Example output parsing:

[+] Instagram: https://instagram.com/username
[+] Twitter: https://twitter.com/username
[+] GitHub: https://github.com/username

Present findings as clickable links when possible.

Pitfalls

No Results Found

If Sherlock finds no accounts, this is often correct — the username may not be registered on checked platforms. Suggest:

Checking spelling/variation
Trying similar usernames with ? wildcard: sherlock "user?name"
The user may have privacy settings or deleted accounts

Timeout Issues

Some sites are slow or block automated requests. Use --timeout 120 to increase wait time, or --site to limit scope.

Tor Configuration

--tor requires Tor daemon running. If user wants anonymity but Tor isn't available, suggest:

Installing Tor service
Using --proxy with an alternative proxy

False Positives

Some sites always return "found" due to their response structure. Cross-reference unexpected results with manual checks.

Rate Limiting

Aggressive searches may trigger rate limits. For bulk username searches, add delays between calls or use --local with cached data.

Installation

pipx (recommended)

pipx install sherlock-project

pip

pip install sherlock-project

Docker

docker pull sherlock/sherlock
docker run -it --rm sherlock/sherlock <username>

Linux packages

Available on Debian 13+, Ubuntu 22.10+, Homebrew, Kali, BlackArch.

Ethical Use

This tool is for legitimate OSINT and research purposes only. Remind users:

Only search usernames they own or have permission to investigate
Respect platform terms of service
Do not use for harassment, stalking, or illegal activities
Consider privacy implications before sharing results

Verification

After running sherlock, verify:

Output lists found sites with URLs
<username>.txt file created (default output) if using file output
If --print-found used, output should only contain [+] lines for matches

Example Interaction

User: "Can you check if the username 'johndoe123' exists on social media?"

Agent procedure:

Check sherlock --version (verify installed)
Username provided — proceed directly
Run: sherlock --print-found --no-color "johndoe123" --timeout 90
Parse output and present links

Response format:

Found 12 accounts for username 'johndoe123':

• https://twitter.com/johndoe123 • https://github.com/johndoe123 • https://instagram.com/johndoe123 • [... additional links]

Results saved to: johndoe123.txt

User: "Search for username 'alice' including NSFW sites"