hi-light Ear Skill
Security checks across static analysis, malware telemetry, and agentic risk
Overview
The skill mostly matches its HiLight setup purpose, but it may expose your API key in command output and enables a broadly open HiLight channel by default.
Only run this if you trust the HiLight plugin and are comfortable giving it your API key. Prefer a dry run first, ask the agent not to print full config output, and consider restricting dmPolicy/allowFrom rather than using the open wildcard defaults.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Running the skill can change your OpenClaw setup and restart its gateway service.
The script installs/enables an OpenClaw plugin and restarts the gateway. This is disclosed and purpose-aligned, but it materially changes the user's OpenClaw environment.
run_cmd openclaw plugins install "$PLUGIN_SPEC"
...
run_cmd openclaw plugins enable "$PLUGIN_ID"
...
run_cmd openclaw gateway restart
Use --dry-run first if you want to preview changes, and use --no-restart if you do not want the gateway restarted automatically.
You are trusting the external @art_style666/hi-light plugin code that OpenClaw installs.
The skill installs an external plugin package as part of its normal workflow. This is central to the skill, but the provided registry metadata lists no source homepage, so provenance is not independently established in the artifacts.
PLUGIN_SPEC="${PLUGIN_SPEC:-@art_style666/hi-light}"
...
run_cmd openclaw plugins install "$PLUGIN_SPEC"
Verify that @art_style666/hi-light is the intended, trusted HiLight plugin before running the setup.
Your HiLight API key could appear in local command output, logs, or an agent transcript.
After writing the API key into authToken, the script retrieves the full hi-light channel JSON. The artifacts do not show redaction, so the stored token may be printed in terminal/tool output despite the SKILL.md instruction not to repeat the token.
run_cmd openclaw config set 'channels["hi-light"].authToken' "$API_KEY"
...
echo "[INFO] Current hi-light channel summary"
run_cmd openclaw config get 'channels["hi-light"]' --json
Do not print the full channel config after storing the key; redact authToken or query only non-secret fields. Treat the API key as a declared credential.
If these settings control who can message the OpenClaw channel, the default may accept a broad set of HiLight senders rather than a restricted list.
The default dmPolicy is "open" and the default allowFrom is the wildcard '*'. The workflow does not clearly explain the inbound-message boundary or prompt users to narrow the set of allowed senders.
DEFAULT_DM_POLICY="open"
DEFAULT_ALLOW_FROM='["*"]'
...
run_cmd openclaw config set 'channels["hi-light"].dmPolicy' "$DM_POLICY"
run_cmd openclaw config set 'channels["hi-light"].allowFrom' "$ALLOW_FROM"
Before enabling the channel, confirm what dmPolicy and allowFrom mean for HiLight and consider setting a restricted allowFrom list instead of the wildcard default.
