Hermes Agent’s MCP support is robust: native stdio/HTTP servers, OAuth, catalog installs, per-tool filtering, and sampling controls. The official catalog is still small, but MCP’s broader ecosystem is moving fast — and the security model requires treating every server like executable code plus a prompt-injection surface.
Hermes connects to MCP servers at startup, discovers tools, and registers them as first-class Hermes tools with names like mcp_server_tool. It supports local stdio servers and remote HTTP/StreamableHTTP servers.
hermes mcp or hermes mcp picker.hermes mcp catalog.hermes mcp install <name>.hermes mcp add <name> --url ... or --command ....hermes mcp configure <name>.The official Hermes docs point to repo manifests under optional-mcps/ as the reviewed catalog. The fetched snapshot showed two catalog entries:
Caveat: this is a fast-moving catalog; the page should be treated as a dated snapshot, not a permanent inventory.
MCP tools expose names, descriptions, resources, and prompts to the model. A malicious server can hide instructions in those descriptions, influencing the agent before the user intentionally calls that tool.
One malicious MCP can try to shape how the model uses other tools, e.g. by telling it to exfiltrate secrets through a trusted-looking workflow or to prefer the malicious tool.
Local stdio MCPs may run npx, uvx, bootstrap scripts, package installs, or cloned repo code. That is not just “configuration”; it is code execution.
env are passed.tools.include, tools.exclude, and toggles for resources/prompts.sampling: { enabled: false } for untrusted servers.~/.hermes/mcp-tokens/.One research track used Grok/X Search and Reddit-accessible pages. Direct Hermes-specific “I use this MCP in Hermes” evidence was limited; the ranking below separates catalog/Hermes relevance from general MCP popularity.
Foundational for local coding agents: read/write project files, inspect repos, and support daily development loops. Very strong general MCP signal.
Popular for issues, pull requests, repo inspection, code review, and replacing ad-hoc API/CLI steps in engineering workflows.
Important because it is both broadly discussed and present in the Hermes catalog snapshot. Good fit for agentic project-management workflows.
Present in the Hermes catalog snapshot. Useful if the user already relies on n8n for automations and wants agents to inspect or manage workflows.
Strong coding-agent buzz for up-to-date framework/library docs. Helpful when agents hallucinate stale APIs.
Commonly discussed for browser automation, testing, scraping, and form workflows. Also a higher-risk class because it touches web pages and user sessions.
Useful for research agents: search, fetch pages, summarize, and cite. Community signal is broad rather than Hermes-specific.
Workspace MCPs are frequently paired with GitHub and Linear for docs, status updates, team chat, and knowledge retrieval.
Reddit discussions show strong interest in persistent memory and codebase-intelligence MCPs to reduce repeated context-loading.
Database MCPs help with schema/query debugging; Jira and Home Assistant are strong in their communities; managed hubs like Composio trade convenience for broader trust/security questions.
$HOME.mcp_servers:
example:
command: "npx"
args: ["-y", "trusted-mcp-package"]
tools:
include: ["safe_read_only_tool"]
resources: false
prompts: false
sampling:
enabled: falseGrok/X Search was used for current X chatter. Reddit signal came from accessible old.reddit/search result pages and thread URLs; Reddit’s JSON API was blocked during research.
Research note: I also attempted to launch a separate cheap open-model reviewer via OpenRouter openai/gpt-oss-20b, but this environment had no OpenRouter API key configured. The completed research used isolated Hermes subagents plus Grok/X Search for X signal.