Permissions and Safety: An Honest Checklist
An AI assistant that can read your files, send your messages, browse the web, and run programs is useful precisely because it has real access. That same access is a real responsibility. This lesson is the honest part of the course. It explains the risks plainly and gives you a practical checklist so you can use Hermes confidently without exposing yourself to avoidable trouble.
What You'll Learn
- Why a useful agent needs broad permissions, and why that is risky
- The specific risks to watch for: irreversible actions, untrusted skills, and runaway cost
- A practical safety checklist you can apply from day one
- How to keep a human in the loop without giving up the benefits
The Core Tradeoff
Hermes becomes more useful as you give it more access. An assistant that can only read one folder is limited. One that can read your email, your files, and your messages, and act on them, can genuinely take work off your plate. So the pressure is always to grant more.
The risk is the mirror image. The more an agent can do, the more damage a mistake or a bad instruction can cause. An agent that can send messages could send the wrong one. An agent that can delete files could delete the wrong ones. An agent following a malicious instruction hidden in a document it reads could be tricked into doing something you never intended. This last category, where harmful instructions are smuggled into content the agent processes, is a known class of risk with AI agents and worth taking seriously.
None of this means you should not use Hermes. It means you should grant access deliberately, not all at once, and keep oversight where it counts.
The Specific Risks
Irreversible actions. Some actions cannot be undone: deleting files, sending a message, making a payment, posting publicly. These deserve a human check before they happen.
Untrusted skills. Hermes can use skills, including ones written by others. A skill is essentially a set of instructions the agent follows, so a skill from an unknown source could tell your agent to do something harmful. Treat third-party skills the way you would treat any code or browser extension from a stranger.
Runaway cost. Because the thinking is done by a language model you pay for, an agent stuck in a loop or handed an enormous task can run up usage faster than you expect. This is a financial risk, not just a technical one.
Over-broad permissions. Granting access to your entire system "just in case" means a single mistake or compromise has a large blast radius. Narrow access limits the damage.
Sensitive data exposure. If you use a cloud language-model backend, the content you give Hermes is sent to that provider. Be mindful about feeding it secrets, credentials, or data you are not allowed to share externally.
Your Practical Safety Checklist
Apply these from your very first session. They are ordered roughly from most to least important.
- Start sandboxed. Begin with Hermes pointed at a limited, low-stakes area: a single test folder, a throwaway messaging channel, a small budget. Expand only once you trust how it behaves. Hermes supports isolation options for running it in a contained way; use them while you are learning.
- Keep a human in the loop for irreversible actions. Require your approval before Hermes deletes anything, sends a message on your behalf, makes a payment, or posts publicly. Reversible actions can be more automatic; irreversible ones should pause for you.
- Only install trusted skills. Use the built-in skills and skills from sources you trust. Read a skill before you add it, the same way you would glance at a script before running it. If you cannot tell what a skill does, do not install it.
- Scope permissions narrowly. Give Hermes access to what a task needs and no more. If it only needs your notes folder, do not hand it your whole home directory. You can always grant more later.
- Watch your API costs. Check your language-model provider's usage dashboard regularly, especially in the first weeks and after setting up any scheduled automation. Set a spending limit with your provider if it offers one.
- Be careful what you feed it. Avoid pasting passwords, API keys, or confidential data into a cloud-backed agent. If you must work with sensitive data, prefer a local model backend so nothing leaves your machine.
- Review its memory and skills. Because everything is stored locally in ~/.hermes/ and is readable, periodically look at what Hermes has remembered and what skills it has written. Delete anything that is wrong or that you would rather it forget.
- Keep it updated. Self-hosted software is your responsibility to maintain. Apply updates so you get security fixes.
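The "scope permissions narrowly" item above is easy to state and easy to get subtly wrong: a file-access allowlist that compares raw strings is defeated by `..` segments and by symlinks that point outside the granted folder. The following is an added illustration, not Hermes's own code or configuration, of how a scope check should resolve paths before comparing them. The directory layout it builds in a temporary folder (a `notes/` folder the agent may read, a `secrets/` folder it may not) is constructed for the example.

```python
import os
import tempfile
from pathlib import Path


def make_scope(allowed_roots):
    """Canonicalise the granted roots once so every later check compares real paths."""
    return [Path(root).resolve() for root in allowed_roots]


def is_within_scope(path, scope):
    """True only if the fully resolved path sits inside one of the allowed roots.

    Resolving first is the whole point: it collapses '..' segments and follows
    symlinks, so a path that merely *starts* under notes/ but points elsewhere
    is refused.
    """
    target = Path(path).resolve()
    return any(target == root or root in target.parents for root in scope)


def guarded_read(path, scope):
    """Read a file only when it is in scope; refuse loudly otherwise."""
    if not is_within_scope(path, scope):
        raise PermissionError(f"refused: {path} is outside the granted scope")
    return Path(path).read_text()


def demo():
    """Build a throwaway layout (constructed for this example) and return the verdicts."""
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        (home / "notes").mkdir()
        (home / "secrets").mkdir()
        (home / "notes" / "todo.txt").write_text("buy milk")
        (home / "secrets" / "key.txt").write_text("not-a-real-secret")

        # The agent is granted notes/ only; the rest of "home" stays off limits.
        scope = make_scope([home / "notes"])

        verdicts = {
            "notes/todo.txt": is_within_scope(home / "notes" / "todo.txt", scope),
            "secrets/key.txt": is_within_scope(home / "secrets" / "key.txt", scope),
            # Traversal attempt: starts under notes/ but resolves to secrets/.
            "notes/../secrets/key.txt": is_within_scope(
                home / "notes" / ".." / "secrets" / "key.txt", scope
            ),
        }

        # Symlink escape: notes/escape -> secrets. Skipped on systems that
        # refuse to create symlinks.
        try:
            os.symlink(home / "secrets", home / "notes" / "escape")
            verdicts["notes/escape/key.txt"] = is_within_scope(
                home / "notes" / "escape" / "key.txt", scope
            )
        except OSError:
            pass

        # guarded_read refuses out-of-scope files instead of silently reading them.
        try:
            guarded_read(home / "secrets" / "key.txt", scope)
            verdicts["read_secret"] = "read"
        except PermissionError:
            verdicts["read_secret"] = "refused"
        verdicts["read_note"] = guarded_read(home / "notes" / "todo.txt", scope)

        return verdicts


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

The same idea applies to any other resource you scope: canonicalise what was granted once, canonicalise what is being requested each time, and compare the canonical forms. Widening the scope later is then a one-line change to the allowlist rather than a rewrite of the check.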
Keeping a Human in the Loop Without Losing the Benefit
The goal is not to supervise every keystroke. That would defeat the purpose of an assistant. The goal is to draw a clear line between actions that are safe to let run and actions that need a glance from you first.
A simple way to think about it: if an action is reversible and low-cost, it is usually fine to let Hermes do it freely. If an action is irreversible, public, or costs money, route it through your approval. Over time you will get a feel for where your own line sits. Start cautious. It is far easier to loosen the reins once you trust the assistant than to undo a mistake made with too much freedom too soon.
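The rule in the paragraph above (reversible and low-cost runs freely; irreversible, public, or paid actions wait for approval) can be written down as a small gate that sits between the agent's plan and the tools it calls. The following is an added example, not Hermes's code or its approval mechanism: the `Action` fields, the `AUTO_COST_CEILING` threshold, the per-session budget, and the scripted "human" that answers the approval prompts are all constructed for the demonstration. It also folds in the "watch your costs" item from the checklist by refusing any action that would push the session past its budget, regardless of approval.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

# Assumed threshold for "low-cost": anything above this asks a human even if
# it is reversible. Constructed for this example.
AUTO_COST_CEILING = 0.10


@dataclass(frozen=True)
class Action:
    """How the agent describes a tool call before it happens (constructed schema)."""
    name: str
    reversible: bool
    public: bool = False
    cost_usd: float = 0.0


def needs_approval(action: Action) -> bool:
    """The lesson's line: irreversible, public, or costly actions pause for a human."""
    return (not action.reversible) or action.public or action.cost_usd > AUTO_COST_CEILING


class Gate:
    """Routes each action either straight through, to a human, or to a refusal."""

    def __init__(self, ask_human: Callable[[Action], bool], session_budget_usd: float):
        self.ask_human = ask_human          # callback that returns True to approve
        self.budget = session_budget_usd    # hard ceiling on spend for the session
        self.spent = 0.0
        self.log: List[Tuple[str, str]] = []

    def run(self, action: Action, do: Callable[[], object]) -> Optional[object]:
        # Budget check first: no amount of approval overrides a blown budget.
        if self.spent + action.cost_usd > self.budget:
            self.log.append((action.name, "blocked: session budget exhausted"))
            return None
        if needs_approval(action):
            if not self.ask_human(action):
                self.log.append((action.name, "declined by human"))
                return None
            self.log.append((action.name, "ran after approval"))
        else:
            self.log.append((action.name, "ran automatically"))
        self.spent += action.cost_usd
        return do()


def demo():
    """A scripted session (constructed) showing where each kind of action ends up."""
    # Stand-in for the real approval prompt: approves the message, declines the rest.
    decisions = {"send_message": True, "delete_file": False, "post_publicly": False}
    gate = Gate(ask_human=lambda a: decisions.get(a.name, False), session_budget_usd=1.00)

    plan = [
        (Action("read_file", reversible=True), lambda: "contents"),
        (Action("draft_reply", reversible=True), lambda: "draft"),
        (Action("send_message", reversible=False), lambda: "sent"),
        (Action("delete_file", reversible=False), lambda: "deleted"),
        (Action("post_publicly", reversible=False, public=True), lambda: "posted"),
        # Reversible but expensive: over the session budget, so refused outright.
        (Action("bulk_summarise", reversible=True, cost_usd=2.50), lambda: "summary"),
    ]
    results = [gate.run(action, do) for action, do in plan]
    return gate.log, results


if __name__ == "__main__":
    log, results = demo()
    for (name, outcome), result in zip(log, results):
        print(f"{name:16} {outcome:36} -> {result}")
```

The useful property is that loosening the line later means changing `needs_approval` or the threshold, not touching every tool. Keeping the log around also gives you the audit trail the checklist asks for: you can see after the fact which actions ran on their own and which ones you explicitly approved.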
Key Takeaways
- A useful agent needs broad access, and that access is a genuine security responsibility.
- The main risks are irreversible actions, untrusted skills, runaway model cost, over-broad permissions, and exposing sensitive data.
- Start sandboxed, keep a human approving irreversible actions, and only install skills you trust.
- Scope permissions narrowly, watch your provider's usage dashboard, and review the local memory and skills regularly.
- Begin cautious and loosen control as trust grows; it is easier than undoing an early mistake.

