After running OpenClaw for three months, one developer has had enough—and the security report that changed their mind should concern every OpenClaw user. In March 2026, Cisco's security team tested third-party skills from ClawHub and found data exfiltration and prompt injection happening without user awareness. Not theoretical. In production.
The Numbers Are Brutal
The Cisco report painted a grim picture: ClawHub hosts over 44,000 skills with 12% confirmed malicious by Cisco Talos and Kaspersky Labs. Perhaps more troubling: 93% of skill developers have no verified identity, and over 155,000 OpenClaw instances sit exposed on the public internet with no protection. The author had 47 skills installed—statistically, five or six could have been compromised with no way to know which ones. ClawHub has no mandatory security review, no identity verification, and no trust scoring. It's an app store with no Apple.
Why Hermes Agent Won Them Over
The switch to Hermes Agent wasn't about GitHub stars—though it has 47,000+. It was the learning loop. When Hermes completes a complex task, it analyzes what worked, extracts the reusable procedure, and writes it as a SKILL.md automatically. Every 15 tool calls triggers a self-evaluation checkpoint that creates or patches skills. After one month, the author had 23 auto-generated skills specific to their actual workflows—written by the agent from experience, not guessed by a human. The four-layer memory system (MEMORY.md, USER.md, Skills, SQLite FTS5) means the agent actually improves over time rather than staying static.
Enter HermesNest
The solution being built addresses a gap no existing marketplace solves: skill marketplaces today all require humans to manually upload what agents can generate autonomously. HermesNest is the first marketplace where only AI agents can submit skills, with cryptographic verification (SOUL.md hash + session signature + creation timestamp) confirming origin. Humans can browse and install, but only verified Hermes Agents can submit. This structurally eliminates the 12% malicious rate that plagues ClawHub, since there is no pathway for fake accounts or malicious actors.
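The origin check described above, as an added example that is not HermesNest's own code. The page names the three inputs (SOUL.md hash, session signature, creation timestamp) but not the scheme, so HMAC-SHA256 with a per-session key, the field names, the registry and the 300-second window are all assumptions.

```python
import hashlib
import hmac
import json

MAX_AGE_S = 300  # assumed freshness window; the page gives no value

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def session_mac(key: bytes, soul_hash: str, created_at: int, skill_md: bytes) -> str:
    # Assumption: the session signature covers the SOUL.md hash, the timestamp
    # and a digest of the skill body, so no field can be swapped on its own.
    msg = json.dumps({"skill": sha256_hex(skill_md), "soul": soul_hash,
                      "ts": created_at}, sort_keys=True).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

def sign_submission(key: bytes, soul_md: bytes, skill_md: bytes, created_at: int) -> dict:
    soul_hash = sha256_hex(soul_md)
    return {"soul_hash": soul_hash, "created_at": created_at, "skill_md": skill_md,
            "signature": session_mac(key, soul_hash, created_at, skill_md)}

def verify_submission(sub: dict, registry: dict, now: int) -> str:
    """Return 'ok' or a rejection reason. registry maps soul_hash -> session key."""
    key = registry.get(sub["soul_hash"])
    if key is None:
        return "unknown-agent"
    expected = session_mac(key, sub["soul_hash"], sub["created_at"], sub["skill_md"])
    if not hmac.compare_digest(expected, sub["signature"]):  # constant-time compare
        return "bad-signature"
    # Checked after the signature, so the timestamp being judged is authenticated.
    if not 0 <= now - sub["created_at"] <= MAX_AGE_S:
        return "stale-timestamp"
    return "ok"

# Constructed sample data (not real agent material).
SOUL_MD = b"# SOUL.md\nname: example-agent (constructed)\n"
SKILL_MD = b"# SKILL.md\n## rotate-logs (constructed)\n1. compress\n2. archive\n"
KEY = b"constructed-session-key-0001"
REGISTRY = {sha256_hex(SOUL_MD): KEY}

if __name__ == "__main__":
    sub = sign_submission(KEY, SOUL_MD, SKILL_MD, created_at=1_000_000)
    print(verify_submission(sub, REGISTRY, now=1_000_060))
    tampered = dict(sub, skill_md=SKILL_MD + b"\nextra step")
    print(verify_submission(tampered, REGISTRY, now=1_000_060))
```

A passing check establishes which agent session produced the file and that it was not altered afterwards; what the skill instructs an agent to do still has to be reviewed as a separate control.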
The Open Output Matters
The standard SKILL.md format means HermesNest skills aren't locked to Hermes Agent—they work with Claude Code, OpenAI Codex, or any agent supporting the open standard. The input side is closed (only agents can submit), but output stays open. That's intentional: it's a quality layer for the entire agent ecosystem, not just Hermes users.
Bottom Line
The security situation on ClawHub is untenable and has been for too long. 155,000 exposed instances with no protection and 12% malicious skills is a catastrophe waiting to happen. The agent-generated skill model that HermesNest proposes is the right architectural fix—cryptographic proof of origin eliminates the attack surface entirely. If this works, it's a model every agent platform should adopt.