Hermes Imports
Sanitize a repeated Hermes operator workflow into a public ECC skill and release-pack artifacts without leaking paths, tokens, or private data.
Overview
Hermes Imports is an agent skill most often used in Build (also Ship) that converts repeated Hermes operator workflows into sanitized ECC skills safe for public reuse.
Install
npx skills add https://github.com/affaan-m/everything-claude-code --skill hermes-importsWhat is this skill?
- Converts local Hermes workflows into ECC-ready skills with explicit import rules
- Sanitization checklist targets absolute paths, ~/.hermes paths, credentials, and live account names
- Maps private identifiers to role labels such as operator, default profile, or workspace owner
- Blocks shipping raw exports, tokens, OAuth files, health, CRM, or finance data
- Keeps examples narrow and operational for public ECC reuse
Adoption & trust: 1.9k installs on skills.sh; 210k GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
Your best Hermes workflow is stuck on one machine full of local paths, account names, and credential hints—you cannot ship it as a reusable skill yet.
Who is it for?
Operators who already use Hermes and ECC and need a repeatable sanitization pass before publishing agent skills.
Skip if: One-off personal automations that require private datasets to be meaningful—those should stay local per the skill’s own import rules.
When should I use this skill?
A Hermes workflow has repeated enough to become reusable, a local operator prompt should become a public ECC skill, or publication needs path and credential sanitization.
What do I get? / Deliverables
You get a scrubbed ECC skill and release-pack style artifacts ready to commit, with private state removed and operational examples preserved.
- Sanitized ECC skill
- Release-pack / handoff documentation artifacts
Recommended Skills
Journey fit
Spans multiple journey phases - primary shelf plus alternate fits below.
Publishing reusable agent skills is core Build/agent-tooling work, even though sanitization also matters before Ship. Agent-tooling is where operator shells become shareable SKILL.md packages for Claude Code-style ecosystems.
Where it fits
Turn a repeated Hermes content pipeline into an ECC skill with placeholders instead of ~/ paths.
Produce sanitized handoff docs for a research workflow without personal account names.
Run the import checklist before tagging a public release so tokens and CRM exports never land in git.
How it compares
Governance for skill packaging from Hermes—not a generic markdown linter or a secrets-scanning MCP by itself.
Common Questions / FAQ
Who is hermes-imports for?
Hermes Imports is for solo builders and operators who maintain ECC skills and need to lift stable Hermes workflows into public repos without data leaks.
When should I use hermes-imports?
Use it in Build/agent-tooling when a Hermes prompt has repeated enough to become a skill, and in Ship/security review before you publish launch, content, research, or engineering workflows.
Is hermes-imports safe to install?
The skill is designed to reduce risk before publication; still review the Security Audits panel on this page and manually verify no secrets remain after sanitization.
SKILL.md
READMESKILL.md - Hermes Imports
# Hermes Imports Use this skill when turning a repeated Hermes workflow into something safe to ship in ECC. Hermes is the operator shell. ECC is the reusable workflow layer. Imports should move stable patterns from Hermes into ECC without moving private state. ## When To Use - A Hermes workflow has repeated enough times to become reusable. - A local operator prompt should become a public ECC skill. - A launch, content, research, or engineering workflow needs sanitized handoff docs. - A workflow mentions local paths, credentials, personal datasets, or private account names that must be removed before publication. ## Import Rules - Convert local paths to repo-relative paths or placeholders. - Replace live account names with role labels such as `operator`, `default profile`, or `workspace owner`. - Describe credential requirements by provider name only. - Keep examples narrow and operational. - Do not ship raw workspace exports, tokens, OAuth files, health data, CRM data, or finance data. - If the workflow requires private state to make sense, keep it local. ## Sanitization Checklist Before committing an imported workflow, scan for: - absolute paths such as `/Users/...` - `~/.hermes` paths unless the doc is explicitly explaining local setup - API keys, tokens, cookies, OAuth files, or bearer strings - phone numbers, private email addresses, and personal contact graphs - client names, family names, or account names that are not already public - revenue, health, or CRM details - raw logs that include tool output from private systems ## Conversion Pattern 1. Identify the repeatable operator loop. 2. Strip private inputs and outputs. 3. Rewrite local paths as repo-relative examples. 4. Turn one-off instructions into a `When To Use` section and a short process. 5. Add concrete output requirements. 6. Run a secret and local-path scan before opening a PR. ## Example: Launch Handoff Local Hermes prompt: ```text Read my local workspace files and finalize launch copy. ``` ECC-safe version: ```text Use the public release pack under docs/releases/<version>/. Return one X thread, one LinkedIn post, one recording checklist, and the missing assets list. ``` ## Example: Quiet-Hours Operator Job Local Hermes job: ```text Run my private inbox, finance, and content checks overnight. ``` ECC-safe version: ```text Describe the scheduler policy, the quiet-hours window, the escalation rules, and the categories of checks. Do not include private data sources or credentials. ``` ## Output Contract Return: - candidate ECC skill name - sanitized workflow summary - required public inputs - private inputs removed - remaining risks - files that should be created or updated