Add Skills Hub — universal skill search, install, and management from online registries

Implements the Hermes Skills Hub with agentskills.io spec compliance, multi-registry skill discovery, security scanning, and user-driven management via CLI and /skills slash command. Core features: - Security scanner (tools/skills_guard.py): 120 threat patterns across 12 categories, trust-aware install policy (builtin/trusted/community), structural checks, unicode injection detection, LLM audit pass - Hub client (tools/skills_hub.py): GitHub, ClawHub, Claude Code marketplace, and LobeHub source adapters with shared GitHubAuth (PAT + gh CLI + GitHub App), lock file provenance tracking, quarantine flow, and unified search across all sources - CLI interface (hermes_cli/skills_hub.py): search, install, inspect, list, audit, uninstall, publish (GitHub PR), snapshot export/import, and tap management — powers both `hermes skills` and `/skills` Spec conformance (Phase 0): - Upgraded frontmatter parser to yaml.safe_load with fallback - Migrated 39 SKILL.md files: tags/related_skills to metadata.hermes.* - Added assets/ directory support and compatibility/metadata fields - Excluded .hub/ from skill discovery in skills_tool.py Updated 13 config/doc files including README, AGENTS.md, .env.example, setup wizard, doctor, status, pyproject.toml, and docs.
2026-02-18 16:09:05 -08:00 · 2026-02-18 16:09:05 -08:00 · 14e59706b7
commit 14e59706b7
parent d59e93d5e9
59 changed files with 4416 additions and 97 deletions
--- a/hermes_cli/doctor.py
+++ b/hermes_cli/doctor.py
@ -380,6 +380,37 @@ def run_doctor(args):
    except Exception as e:
        check_warn("Could not check tool availability", f"({e})")
    
+    # =========================================================================
+    # Check: Skills Hub
+    # =========================================================================
+    print()
+    print(color("◆ Skills Hub", Colors.CYAN, Colors.BOLD))
+
+    hub_dir = PROJECT_ROOT / "skills" / ".hub"
+    if hub_dir.exists():
+        check_ok("Skills Hub directory exists")
+        lock_file = hub_dir / "lock.json"
+        if lock_file.exists():
+            try:
+                import json
+                lock_data = json.loads(lock_file.read_text())
+                count = len(lock_data.get("installed", {}))
+                check_ok(f"Lock file OK ({count} hub-installed skill(s))")
+            except Exception:
+                check_warn("Lock file", "(corrupted or unreadable)")
+        quarantine = hub_dir / "quarantine"
+        q_count = sum(1 for d in quarantine.iterdir() if d.is_dir()) if quarantine.exists() else 0
+        if q_count > 0:
+            check_warn(f"{q_count} skill(s) in quarantine", "(pending review)")
+    else:
+        check_warn("Skills Hub directory not initialized", "(run: hermes skills list)")
+
+    github_token = os.environ.get("GITHUB_TOKEN") or os.environ.get("GH_TOKEN")
+    if github_token:
+        check_ok("GitHub token configured (authenticated API access)")
+    else:
+        check_warn("No GITHUB_TOKEN", "(60 req/hr rate limit — set in ~/.hermes/.env for better rates)")
+
    # =========================================================================
    # Summary
    # =========================================================================