Install
openclaw skills install @hushh/hushh-one-pkmUse when an OpenClaw agent needs to access a Hussh One user's Personal Knowledge Model through the Hussh MCP bridge. This covers developer-token setup, dynamic scope discovery, explicit user consent in One/Kai, consent polling, scoped export retrieval, and the privacy boundary for external agents.
openclaw skills install @hushh/hushh-one-pkmUse Hussh One through the MCP server hushh-one. OpenClaw exposes the tools as hushh-one__<toolName>.
If this skill was installed standalone from ClawHub, ensure the operator also installed the plugin package clawhub:@hushh/one-mcp; the plugin contributes the MCP server config. The standalone skill only contributes agent instructions.
Before calling tools, ensure the operator has configured HUSHH_DEVELOPER_TOKEN in the OpenClaw runtime environment. The token is created in the Hussh developer workspace:
https://uat.one.hushh.ai/developers.HUSHH_DEVELOPER_TOKEN.Never ask the user to paste the token into chat. Never put a developer token in a URL, prompt, file committed to git, or tool argument unless the local OpenClaw secret/env mechanism requires it.
Prefer the four-tool lifecycle for new integrations. hushh-one__prepare_campaign_context remains available as a compatibility one-shot for campaign and customer-experience requests.
For manual flows:
hushh-one__search_user_scopes with the user's registered email, phone number, or Hussh account identifier as user_identifier.attr.{domain}.{scope}.* scope for the stated purpose.hushh-one__request_consent with user_identifier, scope, and a plain-language purpose.hushh-one__check_consent_status with the returned request_ref at the returned interval.hushh-one__get_encrypted_scoped_export with the returned grant_ref and the original expected_scope.The user approves or denies consent in the first-party Hussh One/Kai app. Do not ask the user for an approval link, do not impersonate the user, and do not bypass consent polling.
Request only scopes returned by search_user_scopes.
Do not request or invent:
pkm.readpkm.writevault.ownerDynamic attr.* scopes are per-user. Two users can expose different scope catalogs.
This OpenClaw bundle launches the local @hushh/mcp stdio bridge. On that transport, get_encrypted_scoped_export may fetch the authenticated ciphertext resource, decrypt locally with the connector key stored on the user's machine, and return a bounded delivery: decrypted_local data object. Hosted HTTP MCP returns encrypted export metadata plus an authenticated resource link instead. Treat any decrypted payload as purpose-bound, scoped, and time-boxed.
Store only workflow metadata by default: consent request id, receipt/token reference, scope label, status, expiry, and audit reference. Do not persist raw PKM, KYC documents, full email bodies, vault data, user keys, connector private keys, or broad personal profiles.
If a downstream system receives plaintext personal information, that copy is outside Hussh's zero-knowledge boundary and must have explicit purpose, retention, encryption or masking, access control, deletion, and audit ownership.
country_iso2 or country when a phone number is national rather than E.164.expected_scope on export retrieval so broader reused grants can still be narrowed by the connector.HUSHH_DEVELOPER_TOKEN through the Hussh developer workspace.