hermes - [Feature]: Skill Private Execution: Prevent LLM providers from harvesting proprietary methodology through API calls for model training


Problem or Use Case

I'm a startup founder. I'm genuinely worried that every time my Hermes agent runs a skill, my proprietary knowledge is being fed to an LLM provider who will use it to train the next generation of models. Models that will then compete with me.

Here's what I do: I run a financial research firm. My team and I have spent 15 years developing analytical methodology — how to spot earnings manipulation, how to trace cash flow fraud, how to benchmark a company against its true industry peers. We've built 15+ specialized skills on Hermes that encode this knowledge: 50+ judgment thresholds, 30+ proprietary formulas, industry-specific decision trees.

Every time one of those skills runs, Hermes loads the full SKILL.md — formulas, thresholds, everything — and sends it to the LLM provider. I have no way to say: "this part is confidential. Execute it on my machine. Don't send it out." I'm not paranoid about someone stealing my files. I'm worried about the industrial-scale data collection that happens when every API call becomes a training sample. My methodology, shipped to a model provider thousands of times a year. That's not a security breach — it's the business model.

What I do today (and why it sucks)

I deploy my formulas as a separate MCP server on Alibaba Cloud. My skill files contain only function call instructions. The LLM calls the MCP tool, the formula runs remotely, and only the result comes back. It works. But I'm running a parallel infrastructure — an entire cloud deployment — just to keep my methodology out of someone else's training set. This should be a native Hermes feature, not a workaround.

Proposed Solution

What I'm asking for: exec:local blocks in SKILL.md

A way to mark sections of a skill as "run locally, never send to the LLM":

Today — everything goes to the provider:

```
Non-core ratio = |investment_income + subsidies + fv_changes| / pre_tax_income
If ratio > 30%    → poor quality
If ratio 15-30%   → moderate
If ratio < 15%    → good
```

→ Provider sees my thresholds, my formula, my judgment logic.

Proposed — only the call instruction leaves my machine:

Call the quality function:

```python
def assess(data):
    threshold_poor = 0.30
    # The original issue elides the remaining non-core items with "..."
    non_core = abs(data['inv_income'] + data['subsidies'])  # + ...
    ratio = non_core / data['pre_tax_income']
    if data['is_profitable'] and ratio > threshold_poor:
        return {"quality": "poor", "ratio": ratio}
    return {"quality": "good", "ratio": ratio}
```

Result: quality poor, ratio 42%. Interpret accordingly.

→ Provider sees: "LLM called function X, got result Y." Never sees the function body.

How it works (technically simple)

1. On skill load, Hermes parses exec:local blocks → registers each as an ephemeral tool
2. Only the function name + parameter schema enters the LLM context
3. When the LLM invokes the tool, code executes in the Hermes local sandbox
4. Only the return value is injected back into the conversation
5. Ephemeral tools are garbage-collected when the session ends

Hermes already has all the building blocks: tool registration, local code execution, MCP infrastructure. This is connecting dots that are already there.

Why this matters beyond me

Any professional who charges for their expertise faces the same problem: financial analysts, lawyers, medical researchers, consultants. If Hermes can't keep their IP local, they won't adopt it. Or they'll adopt it and self-censor — stripping their skills down to generic prompts that produce mediocre results.

What I'm not asking for

I don't need encryption, DRM, or perfect security. Root access to my server = access to the files. Fine.

The threat model is simple: the LLM provider should never see my methodology. Not the model. Not the training pipeline. Not the logs.

I'm fine with exec:local sharing the same sandbox as execute_code.

Questions for the team

Does this fit the skill system's roadmap?

Plugin first, then core? Or does it need to be in the skill loader itself?

Any architectural concerns about ephemeral tool registration at skill load time?

Happy to write an RFC or test early builds. This is the one feature standing between me and going all-in on Hermes.

Alternatives Considered

No response

Feature Type

Other

Scope

Medium (few files, < 300 lines)

Contribution

  • I'd like to implement this myself and submit a PR
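The following is an added example, not Hermes code and not written by the issue author, showing the mechanism proposed under "Proposed Solution" and the five steps under "How it works" end to end: a skill file is parsed for exec:local blocks, each function found is registered as an ephemeral tool, only the tool name and parameter schema plus a call instruction make up the provider-facing context, and the function body runs locally with only its return value coming back. Everything here is assumed for illustration: the triple-backtick `exec:local` fence syntax, the `EphemeralTool`, `register_exec_local`, `llm_visible_context` and `invoke` names, and the sample SKILL.md, which is constructed from the issue's own earnings-quality rule. The restricted `exec()` namespace stands in for the Hermes sandbox the issue mentions; it is not isolation and serves only to make visible which data stays on the machine and which is sent out.

```python
import inspect
import json
import re
from dataclasses import dataclass, field
from typing import Any, Callable, Dict, Tuple

# Assumed syntax for the proposed feature: a fenced block tagged ``exec:local``.
# The fence is spelled with str multiplication so this example stays one code block.
FENCE = "`" * 3

# Constructed SKILL.md content: the rule follows the issue's own formula and
# thresholds; the function itself is hypothetical.
LOCAL_BLOCK = '''\
def assess(inv_income: float, subsidies: float, fv_changes: float,
           pre_tax_income: float, is_profitable: bool) -> dict:
    # Proprietary thresholds: these lines never leave the machine.
    threshold_poor = 0.30
    threshold_moderate = 0.15
    non_core = abs(inv_income + subsidies + fv_changes)
    ratio = non_core / pre_tax_income
    if is_profitable and ratio > threshold_poor:
        quality = "poor"
    elif is_profitable and ratio > threshold_moderate:
        quality = "moderate"
    else:
        quality = "good"
    return {"quality": quality, "ratio": round(ratio, 2)}
'''

SKILL_MD = (
    "# Earnings quality check\n\n"
    "Use the quality tool before commenting on a company's profit figure.\n\n"
    + FENCE + "exec:local\n" + LOCAL_BLOCK + FENCE + "\n\n"
    "Interpret the result for the user in plain language.\n"
)

EXEC_LOCAL = re.compile(
    re.escape(FENCE) + r"exec:local[ \t]*\n(.*?)\n" + re.escape(FENCE), re.DOTALL
)


@dataclass
class EphemeralTool:
    """What remains of an exec:local block after registration: a name, a parameter
    schema, and a callable that is only ever invoked locally."""
    name: str
    schema: Dict[str, str]
    fn: Callable[..., Any] = field(repr=False)

    def spec_for_llm(self) -> Dict[str, Any]:
        # The entire provider-facing description: no source, no thresholds.
        return {"name": self.name, "parameters": self.schema}


def register_exec_local(skill_md: str) -> Tuple[str, Dict[str, EphemeralTool]]:
    """Cut exec:local blocks out of the skill text and register the functions they
    define as ephemeral tools. Returns (redacted skill text, tool registry)."""
    tools: Dict[str, EphemeralTool] = {}

    def _replace(match: "re.Match[str]") -> str:
        # Minimal namespace standing in for the Hermes sandbox (assumption); a bare
        # exec() is not isolation, it only shows what stays local.
        namespace: Dict[str, Any] = {"__builtins__": {
            "abs": abs, "round": round, "float": float, "bool": bool, "dict": dict}}
        exec(match.group(1), namespace)
        registered = []
        for name, obj in namespace.items():
            if name.startswith("__") or not callable(obj):
                continue
            params = {}
            for p in inspect.signature(obj).parameters.values():
                ann = p.annotation
                params[p.name] = ann.__name__ if ann is not inspect.Parameter.empty else "any"
            tools[name] = EphemeralTool(name, params, obj)
            registered.append(name)
        # Only the call instruction replaces the block in the text the provider sees.
        return "Call the local tool(s): " + ", ".join(registered) + ". Use only the returned result."

    return EXEC_LOCAL.sub(_replace, skill_md), tools


def llm_visible_context(redacted_skill: str, tools: Dict[str, EphemeralTool]) -> str:
    """Everything that would be sent to the provider for this skill."""
    specs = json.dumps([t.spec_for_llm() for t in tools.values()], sort_keys=True)
    return redacted_skill + "\n[tools]\n" + specs


def invoke(tools: Dict[str, EphemeralTool], name: str, arguments: Dict[str, Any]) -> Any:
    """Run a registered tool locally; only its return value re-enters the conversation."""
    tool = tools[name]
    unknown = set(arguments) - set(tool.schema)
    if unknown:
        raise ValueError(f"unknown parameters for {name}: {sorted(unknown)}")
    return tool.fn(**arguments)


def run_demo() -> Tuple[str, Dict[str, EphemeralTool], Any]:
    redacted, tools = register_exec_local(SKILL_MD)
    # Constructed input: 42% of pre-tax income is non-core, the figure quoted in the issue.
    result = invoke(tools, "assess", {"inv_income": 30.0, "subsidies": 7.0, "fv_changes": 5.0,
                                      "pre_tax_income": 100.0, "is_profitable": True})
    return llm_visible_context(redacted, tools), tools, result


if __name__ == "__main__":
    context, registry, outcome = run_demo()
    print(context)   # call instruction and parameter names only; no body, no thresholds
    print(outcome)   # {'quality': 'poor', 'ratio': 0.42}
```

Running the demo prints the provider-facing context, which contains the tool name and its parameter names but no formula, threshold or function body, followed by the locally computed result. The `invoke` check rejects parameters not in the registered schema so the LLM cannot pass arbitrary keyword arguments into local code; in a real loader the schema would also carry types for validation before execution.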
