Prerequisites
- An existing OpenClaw install you have shell access to
- Docker installed
- The new Hermes API key for your LLM provider
Steps
- Snapshot OpenClaw state
Before touching anything, copy everything OpenClaw has on disk so you can roll back. The copy includes credentials.json, so keep the snapshot directory readable only by your own user.
```bash
OPENCLAW_HOME=${OPENCLAW_HOME:-$HOME/.openclaw}
mkdir -p ~/openclaw-snapshot-$(date +%Y%m%d)
cp -r "$OPENCLAW_HOME/config" ~/openclaw-snapshot-$(date +%Y%m%d)/
cp -r "$OPENCLAW_HOME/tools" ~/openclaw-snapshot-$(date +%Y%m%d)/
cp -r "$OPENCLAW_HOME/memory" ~/openclaw-snapshot-$(date +%Y%m%d)/
cp "$OPENCLAW_HOME/credentials.json" ~/openclaw-snapshot-$(date +%Y%m%d)/credentials.json 2>/dev/null || true
cp "$OPENCLAW_HOME/agent.log" ~/openclaw-snapshot-$(date +%Y%m%d)/ 2>/dev/null || true
```
- Rotate every credential the OpenClaw vault touched
Especially if you're on pre-2026.3 OpenClaw — credentials may have been stored in plaintext (CVE-2026-25103). Treat them as compromised.
- Install Hermes Agent
Prepare a working directory and pull the official Docker image.
```bash
mkdir -p ~/hermes && cd ~/hermes
docker pull nousresearch/hermes-agent:2026.4.4
```
- Port tool definitions
OpenClaw tools are JSON; Hermes wants YAML with explicit sandbox blocks. A small Python script automates the boring 80%.
```bash
pip install pyyaml
cat > ~/migrate-tools.py <<'EOF'
import json, yaml
from pathlib import Path

src = Path.home() / ".openclaw/tools"
dst = Path.home() / "hermes/tools"
dst.mkdir(parents=True, exist_ok=True)

# Restrictive default applied to every ported tool; loosen per tool during review.
DEFAULT_SANDBOX = {
    "network": "deny",
    "filesystem": {"read": ["/workspace"], "write": []},
    "resources": {"cpu_quota": 50, "memory_mb": 256},
}

# Convert each OpenClaw JSON tool into a Hermes YAML file with a sandbox block.
for tool_file in src.glob("*.json"):
    tool = json.loads(tool_file.read_text())
    tool["sandbox"] = DEFAULT_SANDBOX
    out = dst / f"{tool['name']}.yaml"
    out.write_text(yaml.safe_dump(tool, sort_keys=False))
    print(f"migrated {tool['name']}")
EOF
python3 ~/migrate-tools.py
```
- Review every ported tool
The default sandbox is restrictive on purpose. Tools that legitimately need network access or write permissions need their YAML edited by hand. This is the part that catches most migrations — don't skip it.
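One way to make that review systematic, as an added example that is not part of Hermes or of the original guide: the script diffs each ported tool's sandbox block against the default written by the migration script, so every hand-granted allowance is listed for sign-off. It assumes the tools live in ~/hermes/tools and relies only on the sandbox keys shown above; the function names are illustrative.

```python
import sys
from pathlib import Path

# Same default block the migration script on this page writes into every tool.
DEFAULT_SANDBOX = {
    "network": "deny",
    "filesystem": {"read": ["/workspace"], "write": []},
    "resources": {"cpu_quota": 50, "memory_mb": 256},
}
_UNSET = object()  # marks a key present on only one side of the comparison

def flatten(node, prefix=""):
    """Flatten nested mappings to {"a.b": value} so two blocks can be diffed."""
    if not isinstance(node, dict):
        return {prefix: node}
    flat = {}
    for key, value in node.items():
        flat.update(flatten(value, f"{prefix}.{key}" if prefix else str(key)))
    return flat

def sandbox_deviations(tool):
    """Return 'key: default -> actual' strings; an empty list means default."""
    sandbox = tool.get("sandbox") if isinstance(tool, dict) else None
    if not isinstance(sandbox, dict):
        return ["sandbox: block missing or not a mapping"]
    want, have = flatten(DEFAULT_SANDBOX), flatten(sandbox)
    show = lambda v: "<unset>" if v is _UNSET else repr(v)
    return [
        f"{key}: {show(want.get(key, _UNSET))} -> {show(have.get(key, _UNSET))}"
        for key in sorted(set(want) | set(have))
        if want.get(key, _UNSET) != have.get(key, _UNSET)
    ]

def audit_dir(tools_dir):
    """Map each ported *.yaml file name to its list of deviations."""
    import yaml  # PyYAML, installed in the porting step above
    return {
        path.name: sandbox_deviations(yaml.safe_load(path.read_text()))
        for path in sorted(Path(tools_dir).glob("*.yaml"))
    }

if __name__ == "__main__":
    # Assumed location: the ~/hermes/tools directory the migration script wrote.
    target = sys.argv[1] if len(sys.argv) > 1 else Path.home() / "hermes/tools"
    for name, diffs in audit_dir(target).items():
        print(name, "-", "default sandbox" if not diffs else "REVIEW")
        for line in diffs:
            print("   ", line)
```

Run it after hand-editing the YAML files; a tool reported as "REVIEW" shows exactly which keys were changed from the default.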
- Set up Hermes credential vault
Use Hermes' encrypted vault (or OS keyring if your host supports it). Add credentials one at a time.
```bash
docker run --rm -v ~/hermes:/data \
  nousresearch/hermes-agent:2026.4.4 vault init
docker run --rm -it -v ~/hermes:/data \
  nousresearch/hermes-agent:2026.4.4 vault add anthropic_api_key
# Paste your Anthropic key, press Ctrl-D
```
- Start Hermes
Launch with Docker Compose using your ported tools.
```bash
cat > ~/hermes/docker-compose.yml <<'EOF'
services:
  hermes:
    image: nousresearch/hermes-agent:2026.4.4
    container_name: hermes
    restart: unless-stopped
    volumes:
      - ./tools:/etc/hermes/tools
      - ./data:/data
    ports:
      - "127.0.0.1:8765:8765"
EOF
cd ~/hermes && docker compose up -d
```
- Smoke test
Run a basic task to verify the agent works. Watch the logs to confirm no sandbox errors on the ported tools.
```bash
docker compose logs -f hermes
```
- Decommission OpenClaw
When Hermes is verified working, stop and uninstall OpenClaw. Keep the snapshot directory at least 30 days in case you need to roll back.
```bash
# Stop the service (systemd):
systemctl --user stop openclaw
systemctl --user disable openclaw
# Or for non-systemd:
pkill -f openclaw
# Remove the install:
rm -rf ~/.openclaw
# Don't rm -rf the snapshot directory yet.
```
Troubleshooting
- Tool fails with sandbox violation
- Edit the tool's YAML to add the specific allowance it needs. Don't disable the sandbox entirely — that defeats the point.
- Hermes can't read the credential vault
- Check file permissions on the vault file (mode 0400, owner-only). If you mounted ~/hermes into the container, the in-container user needs to match the file owner.
Where to go from here
Subscribe to Hermes Agent's security advisory feed. Configure an automatic update path (Watchtower for Docker, with caveats — read the documentation before enabling).