When Hermes Agent receives a private message from a stranger and replies with a pairing code, this is usually not a leak or a bot malfunction; it is the default authorization policy. The official configuration document clearly states that unauthorized_dm_behavior: pair is the default. This means that unauthorized users are denied execution but receive a one-time pairing code.
What is this design for?
Instead of granting access directly, it gives you a controlled entry point for authorization. This way, Hermes Agent does not treat strangers as authorized users, yet it does not stay so silent that you cannot see what is going on.
If you don't want to
If you change the policy to ignore, a stranger's private messages are silently discarded and no pairing code is returned. Platform-level configuration can also override the global configuration, so you can switch just one platform to this silent mode.
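A simplified model of the behaviour described above, added here as an illustration and not taken from Hermes Agent's own code. Only the key unauthorized_dm_behavior and the values pair and ignore come from the text; the DmGate class, the operator-side approve step, the code format and the platform names are assumptions.

```python
import secrets

VALID = {"pair", "ignore"}  # the two behaviours named in the text

def resolve_behavior(global_cfg, platform_cfg):
    """Platform-level setting overrides the global one; the default is 'pair'."""
    value = platform_cfg.get("unauthorized_dm_behavior",
                             global_cfg.get("unauthorized_dm_behavior", "pair"))
    if value not in VALID:
        raise ValueError(f"unknown unauthorized_dm_behavior: {value!r}")
    return value

class DmGate:
    """Hypothetical gate in front of the agent (not the project's class)."""
    def __init__(self, global_cfg, platforms):
        self.global_cfg, self.platforms = global_cfg, platforms
        self.authorized = set()   # (platform, user) identities allowed to execute
        self.pending = {}         # one-time code -> (platform, user)

    def handle_dm(self, platform, user, text):
        if (platform, user) in self.authorized:
            return ("execute", text)
        behavior = resolve_behavior(self.global_cfg, self.platforms.get(platform, {}))
        if behavior == "ignore":
            return ("drop", None)        # silent: no reply and no code
        code = secrets.token_hex(4)      # constructed code format (assumption)
        self.pending[code] = (platform, user)
        return ("reply", code)           # the message itself is never executed

    def approve(self, code):
        """Assumed operator-side approval; a code is consumed on first use."""
        identity = self.pending.pop(code, None)
        if identity is None:
            return False
        self.authorized.add(identity)
        return True

def demo():
    # Constructed sample config: global default plus one quiet platform.
    gate = DmGate({"unauthorized_dm_behavior": "pair"},
                  {"telegram": {"unauthorized_dm_behavior": "ignore"}})
    results = [gate.handle_dm("telegram", "stranger", "run ls")]
    action, code = gate.handle_dm("discord", "stranger", "run ls")
    results.append((action, len(code)))
    results.append(gate.approve(code))
    results.append(gate.approve(code))   # replaying a used code fails
    results.append(gate.handle_dm("discord", "stranger", "run ls"))
    return results
```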
In short: when a stranger receives a pairing code in a private message, it does not mean that permissions are too broad; it means the default authorization mode is pair.
Official open-source repository: https://github.com/NousResearch/hermes-agent; official documentation: https://hermes-agent.nousresearch.com/.