overthinkos/hermes-full-layer
hermes/skills/hermes-full-layer/SKILL.md
Hermes agent with AI CLIs (Claude Code, Codex, Gemini), developer tools, DevOps tools, and charly. Use when working with the hermes-full metalayer or full-featured standalone hermes deployments.
tools
Updated Jun 11, 2026
$ install --global
skillsauthnpx skillsauth add overthinkos/overthink-plugins hermes-full-layerInstall this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: Jun 11, 2026, 7:08 AM172.3s1 file scanned
SKILL.md
- name:
- hermes-full-layer
- description:
- |
Candy: hermes-full
Metalayer composing Hermes AI agent with a complete tool suite for standalone deployment. No browser included — use with selkies-desktop via cross-container env_provide: BROWSER_CDP_URL for shared browser automation.
Composition
candy:
- hermes # AI agent with browser tools, MCP, LLM auto-config
- claude-code # Anthropic Claude Code CLI
- codex # OpenAI Codex CLI
- gemini # Google Gemini CLI
- dev-tools # bat, ripgrep, neovim, gh, direnv, fd-find, htop, etc.
- devops-tools # AWS CLI, Scaleway, kubectx, OpenTofu, wrangler, jq, rsync
- charly # OpenCharly CLI for in-container management
- tmux # Terminal multiplexer for persistent sessions
Browser Integration
The hermes candy declares env_accept: BROWSER_CDP_URL. When deployed alongside a selkies-desktop container, the chrome candy's env_provide injects BROWSER_CDP_URL=http://charly-selkies-desktop:9222 into the hermes quadlet via charly config --update-all. Hermes browser tools (browser_navigate, browser_click, browser_snapshot) then control the desktop Chrome across the container network.
Without a browser provider, hermes browser tools fall back to local headless mode (requires hermes-playwright candy) or are unavailable.
Usage
# charly.yml
hermes:
base: fedora
candy:
- agent-forwarding
- hermes-full
- dbus
Related Candies
/charly-hermes:hermes— Core Hermes agent (LLM providers, MCP, browser dispatch)/charly-coder:claude-code— Anthropic Claude Code CLI/charly-coder:codex— OpenAI Codex CLI/charly-coder:gemini— Google Gemini CLI/charly-coder:dev-tools— Developer CLI utilities/charly-coder:devops-tools— Cloud and infrastructure tools/charly-tools:charly— OpenCharly CLI binary/charly-infrastructure:tmux-layer— Terminal multiplexer for persistent sessions (charly tmuxcommands)/charly-selkies:chrome— ProvidesBROWSER_CDP_URL(cross-container, from selkies-desktop)/charly-selkies:chrome-devtools-mcp— Chrome DevTools MCP server (auto-discovered viamcp_provide, 29 tools)/charly-jupyter:jupyter-mcp— JupyterLab CRDT MCP server (auto-discovered viamcp_provide, 11 tools: notebook_/cell_ + notebook_list_users + room_list; auto-attach single-room invariant)/charly-build:charly-mcp-cmd— host-side MCP client (charly eval mcp ping|list-tools|call|...) to verify either of the above is alive and exposing the expected tool catalog before hermes tries to invoke them
Related Boxes
/charly-hermes:hermes— Standalone full-featured hermes box/charly-hermes:hermes-playwright— Hermes with local Playwright Chromium
When to Use This Skill
Use when working with the hermes-full metalayer, full-featured standalone hermes deployments, or the composition of hermes with AI CLIs and developer tools.
Related
/charly-image:layer— candy authoring reference (charly.ymlschema, task verbs, service declarations)/charly-eval:eval— declarative testing (eval:block,charly eval box,charly eval live)
Related Skills
overthinkos/charly
tools
VerifiedTrustedCommunity
OpenCharly CLI (charly) binary installed into container/VM images for in-container use. Use when working with charly binary deployment inside containers, native D-Bus support, or the full charly toolchain (charly binary + virtualization + gocryptfs + socat).
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-cachyos
development
VerifiedTrustedCommunity
Operator CachyOS workstation profile — a kind:local template + target:local deploy that installs the full dev stack (30 candies) onto a CachyOS host via ShellExecutor. Lives in the overthinkos/cachyos submodule. MUST be invoked before editing or applying the charly-cachyos workstation profile.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-fedora
tools
VerifiedTrustedCommunity
Fedora box with the full charly toolchain using shared candies. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Same candy list as charly-arch. Includes NVIDIA GPU runtime. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-fedora box.
SKILL.mdUpdated Jun 10, 2026
overthinkos/charly-arch
tools
VerifiedTrustedCommunity
Arch Linux box with the full charly toolchain. Rootless-first — runs as uid=1000 with passwordless sudo (no root, no cap_add: ALL). Composes /charly-coder:charly-mcp so the box is reachable as an MCP gateway on port 18765. NVIDIA GPU runtime composed in. MUST be invoked before building, deploying, configuring, or troubleshooting the charly-arch box.
SKILL.mdUpdated Jun 10, 2026