HyperStack — Agent Provenance Graph
v1.0.26The Agent Provenance Graph for AI agents — the only memory layer where agents can prove what they knew, trace why they knew it, and coordinate without an LLM...
⭐ 1· 1.5k·3 current·3 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
Name/description (agent provenance graph) align with required env vars (HYPERSTACK_API_KEY, HYPERSTACK_WORKSPACE), the SKILL.md describes only network calls to the HyperStack API and optional self-hosting. No unrelated credentials or binaries are requested.
Instruction Scope
Runtime instructions focus on calling HyperStack API tools (hs_store, hs_smart_search, etc.) and explicitly document input-trust rules and not executing card content. The README/SKILL include self-hosting examples that reference DATABASE_URL, JWT_SECRET, and OPENAI_API_KEY for a self-hosted instance; these are not required for the hosted API use but are relevant if you self-host. The SKILL.md also includes guidance to detect prompt-injection strings (which triggered the scanner) — this is intentional.
Install Mechanism
This is an instruction-only skill (no install spec) so nothing will be written by the skill itself. The docs recommend using npx/npm packages and a Docker image for optional MCP server or self-hosting; users should verify the integrity of those third-party packages/images before running them (npx and Docker pull are external actions, not automated by the skill).
Credentials
Only HYPERSTACK_API_KEY (primary) and HYPERSTACK_WORKSPACE are required by the skill — appropriate for an API-backed service. An optional HYPERSTACK_AGENT_SLUG is documented. The README mentions additional secrets for self-hosting (DB, JWT, OpenAI) which are normal for running your own instance but are not required for using the hosted API.
Persistence & Privilege
always is false and the skill is user-invocable; it does not request elevated platform privileges, local exec, or filesystem access. Autonomous invocation is allowed (platform default) but the skill's declared permissions explicitly limit local execution and file access.
Scan Findings in Context
[prompt-injection-ignore-previous-instructions] expected: Scanner flagged the phrase pattern (e.g., 'ignore previous instructions') inside SKILL.md. The file deliberately lists known injection phrasings as part of its security guidance and instructs agents to surface such content to users, so this finding is expected and not indicative of malicious behavior.
Assessment
This skill appears internally consistent with its stated purpose. Before installing: 1) Verify the HyperStack API key issuer (https://cascadeai.dev/hyperstack) and restrict the key's scope/rotation policy. 2) If you follow the README's npx/Docker recommendations, inspect the npm package versions and Docker image provenance (ghcr.io/deeqyaqub1-cmd/hyperstack:latest) rather than blindly running npx or pulling images. 3) Never store passwords, API keys, or PII in HyperStack cards (the SKILL explicitly warns about this). 4) If you plan to self-host, secure DATABASE_URL, JWT_SECRET, and any optional OPENAI_API_KEY used by your instance. 5) Understand that using the hosted service sends data to the provider's API (network access to api.hyperstack.dev) — audit their privacy/security policies if that matters to you.Like a lobster shell, security has layers — review code before you run it.
HYPERSTACK_API_KEYvk975x5tjxc1ydbbzvhd936ssbh81n46tapi-key-requiredvk975x5tjxc1ydbbzvhd936ssbh81n46tcontextvk975x5tjxc1ydbbzvhd936ssbh81n46tcost-savingvk975x5tjxc1ydbbzvhd936ssbh81n46tcost-saving api-key-requiredvk97ejydrxnr8wnmgtyfj9mqcvd80ysbvknowledgevk975x5tjxc1ydbbzvhd936ssbh81n46tlatestvk975x5tjxc1ydbbzvhd936ssbh81n46tlatest agent-memoryvk975x5tjxc1ydbbzvhd936ssbh81n46tlatest memoryvk97ejydrxnr8wnmgtyfj9mqcvd80ysbvmcpvk975x5tjxc1ydbbzvhd936ssbh81n46tpersistencevk97ejydrxnr8wnmgtyfj9mqcvd80ysbvrecallvk975x5tjxc1ydbbzvhd936ssbh81n46ttokensvk97ejydrxnr8wnmgtyfj9mqcvd80ysbv
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
🧠 Clawdis
EnvHYPERSTACK_API_KEY, HYPERSTACK_WORKSPACE
Primary envHYPERSTACK_API_KEY