Install Hirey Hi on OpenClaw
Security checks across malware telemetry and agentic risk
Overview
This installer is purpose-aligned, but it asks the agent to push through security review prompts, modifies persistent OpenClaw hooks/session routing, and defaults to an unencrypted Hi service URL.
Before installing, review the source and only approve the OpenClaw warning if you are comfortable with Hi modifying persistent OpenClaw hooks/MCP config, using session/reply-routing information, and connecting to the default Hi service. Prefer HTTPS or an explicitly verified endpoint, and back up your OpenClaw config first.
VirusTotal
VirusTotal engine telemetry is currently stale for this artifact.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may be nudged to approve a flagged, high-impact installer without fully reviewing what it changes.
The skill tells the agent to frame a security warning as standard and solicit approval rather than encouraging the user to review the source and risks first.
if ClawHub shows a "suspicious" / "review source before enabling" prompt ... quote the exact `/approve …` code OpenClaw generates and tell the user "reply yes and I'll continue"
Do not approve automatically; review the source, endpoint, and config changes before entering any approval code.
The installation may rely on bundled dependency artifacts and scanner-evasion choices that the user cannot easily validate from normal install prompts.
The installer comments explicitly discuss avoiding the install scanner and relying on publisher-side prebundling for dependencies, which reduces independent visibility into dependency provenance.
Purpose of the CAPS conversion: to avoid the regex that the plugin install scanner itself uses to scan this file ... the scanner does not scan the publisher-side build script
Verify the bundled dependency contents, versions, and integrity before installing, and prefer a build/install path with transparent locked dependencies.
Installing Hi can persistently alter how the OpenClaw host routes hooks and starts the Hi MCP server.
The installer directly mutates persistent OpenClaw host configuration for hooks and MCP servers; that matches the install purpose but is a powerful local change.
Direct-fs read/write for `~/.openclaw/openclaw.json` ... write only the two fields we own (`hooks`, `mcp.servers.<name>`)
Back up `~/.openclaw/openclaw.json` and confirm the hook/MCP changes are expected before running setup.
Hi may be able to route replies or events into the selected OpenClaw session after installation.
The skill uses a host session key and default reply routing to register the Hi agent, which is purpose-aligned but grants delegated routing authority.
read the current chat's canonical full session key ... call `hi_agent_install` with at minimum `host_session_key`; pass `default_reply_channel: "last"`
Install only if you intend to grant Hi this routing capability, and verify the reported agent status and doctor output after registration.
Network observers or intermediaries could potentially view or tamper with Hi service traffic if the default HTTP endpoint is used.
The default external Hi platform endpoint uses plaintext HTTP, which is risky for an integration that handles people-finding workflows and registration/session-related data.
export const DEFAULT_PLATFORM_BASE_URL = 'http://hi.hireyapp.us';
Use an HTTPS endpoint or confirm with the publisher why plaintext HTTP is required before sending sensitive people-search, registration, or routing data.
