by awizemann
Native macOS and iOS App for the Hermes AI agent — multi-window, multi-server (local + remote over SSH). Chat, dashboard, sessions, memory, cron, MCP, and more.
# Add to your Claude Code skills
git clone https://github.com/awizemann/scarfLast scanned: 5/16/2026
{
"issues": [],
"status": "PASSED",
"scannedAt": "2026-05-16T06:21:44.588Z",
"semgrepRan": false,
"npmAuditRan": true,
"pipAuditRan": true
}scarf is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by awizemann. Native macOS and iOS App for the Hermes AI agent — multi-window, multi-server (local + remote over SSH). Chat, dashboard, sessions, memory, cron, MCP, and more. It has 724 GitHub stars.
Yes. scarf passed SkillsLLM's automated security scan — a dependency vulnerability audit plus prompt-injection heuristics — with no high-severity issues. You can read the full report in the Security Report section on this page.
Clone the repository with "git clone https://github.com/awizemann/scarf" and add it to your Claude Code skills directory (see the Installation section above).
scarf is primarily written in Swift. It is open-source under awizemann on GitHub, so you can review or fork the full source.
Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh scarf against similar tools.
No comments yet. Be the first to share your thoughts!
A focused connection-reliability patch.
~/.hermes lives inside a container, config reads now fall back through the Hermes CLI wrapper (config path, then a config show probe), so the chat preflight stops demanding a model that's already configured and Settings explains the bind-mount fix instead of "not found". Ships to ScarfGo with the next TestFlight build. (#112)See the full v2.16.1 release notes.
Scarf now targets the Hermes v0.18 line — audited against v0.18.0 (v2026.7.1) and re-audited against the v0.18.1/v0.18.2 patches — and the audits fixed long-standing bugs along the way.
messages.compacted column and widens search to match Hermes exactly; /undo-rewound rows stay hidden, and the chat transcript still shows only the live conversation.web_tools.* config keys Hermes never reads (the real block is web.*), so every backend choice was a silent no-op. Both the write and read sides now use the real keys; if you'd set backends before, re-pick them once.run_claim double-execution guard. Scarf now preserves every key it doesn't model, so future Hermes job fields can never be stripped again — and the pre-run script + cron expression now use the keys Hermes actually reads (script, expr).custom/custom:* providers serve their own model namespace, so a slash in the model ID no longer triggers the "model/provider mismatch" banner (same class as 2.15.1's aggregator fix, #121).See the full v2.16.0 release notes.
A focused patch for anyone running Hermes on an aggregator provider (OpenRouter, OpenCode, KiloCode, Hugging Face, NovitaAI).
xiaomi/mimo-v2.5 are org/model namespaced, and Scarf's preflight misread the slash as a stale provider prefix; both of the banner's one-click "fixes" would have broken a working config.yaml. The check now skips aggregators (including Hermes's bare-openai → OpenRouter alias). (#121)claude/… vs anthropic, x-ai/… vs xai) no longer read as mismatches, and a prefix that isn't any provider Hermes knows can no longer be written into config.yaml; the genuine stale-prefix protection is unchanged.scripts/check-hermes-tables.py), verified against the exact Hermes v0.16.0 tag.See the full v2.15.1 release notes.
Projects grow up — the biggest Projects update since v2.3. A project becomes a first-class object with its own mission-control pane, and gains three new powers. (Skips 2.14; this is a feature release, not a Hermes-compat one.)
WKWebView (no network, scoped assets, symlink-contained file reads) with default-deny permissions you review on first open. A mini-app's scarf.prompt(...) gets its own isolated, rate-limited hermes acp session — it can't reach your chats. Build one with the scarf-miniapp-author skill, or have Upgrade Project generate a starter. (v1 wires the read + prompt surfaces; kanban:write / file:write / net are declared but not yet enabled.)AGENTS.md / CLAUDE.md / .cursorrules automatically (new, resumed, and reconnected chats). Treat a project's context files like its code — only open chats in projects you trust.See the full v2.15.0 release notes.
ScarfGo — the iOS companion — gets Hermes profile switching, plus a remote-chat/Settings reliability fix that anyone running ScarfGo over SSH will feel. The shared-core pieces ride into the Mac app too.
hermes call at that profile for the selected server. It uses per-connection scoping and never runs hermes profile use, so it doesn't touch the host's active_profile — your Mac, terminal, cron, and running gateway keep their own profile. (Create / rename / delete / import / export stay Mac-only.) (#120)See the full v2.13.0 release notes.
A coordinated catch-up to Hermes v0.17.0 (2026.6.19) — the largest Hermes release yet, though Scarf needed only a focused slice — plus a remote-chat performance fix everyone on SSH will feel. Every new v0.17 surface is capability-gated, so pre-v0.17 hosts render byte-identical to v2.11.0; all flag/config/wire shapes were verified against the live v0.17 source.
hermes audit → security audit), xAI model migration (was dry-run only — now --apply), browser-tools setup (--assume-yes → --yes), and the no-op WhatsApp