Hi Openclaw Plugin

Review

Audited by ClawScan on May 13, 2026.

Overview

This Hi plugin mostly matches its stated purpose, but it automatically changes OpenClaw tool/hook settings and can let Hirey cloud events trigger local agent sessions, so it needs review before installation.

Install only if you are comfortable with a native gateway plugin that stores Hi credentials, changes OpenClaw tool/hook configuration, and runs a background cloud-event delivery service. Prefer the native `clawhub:hirey` install on OpenClaw 5.2+, review OpenClaw config after installation, and avoid the `--dangerously-force-unsafe-install` fallback unless you specifically need it and trust the compatible bundle.

Findings (6)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Installing the plugin can make plugin tools available to the agent by changing the host configuration, potentially affecting more than just this plugin.

Why it was flagged

The plugin automatically changes OpenClaw tool-visibility configuration at register time. Using group:plugins is broader than naming only this plugin's tools and changes agent behavior without a separate explicit user action.

Skill content

void ensurePluginToolsAlsoAllowed() ... 'auto-patched tools.alsoAllow=group:plugins so plugin tools become visible to LLM in coding profile'

Recommendation

Require explicit user opt-in for config patching, scope the allow entry to this plugin's tool names where possible, and show the before/after OpenClaw config change.

What this means

A remote platform event may trigger local OpenClaw agent activity in a recent chat rather than only in a user-selected or explicitly bound session.

Why it was flagged

Cloud-originated Hi events can be routed into the most recent local user session when route information is missing or for forced-current-chat event types.

Skill content

const sk = findRecentUserSessionKey(); ... payloadConfig = { session_key: sk }; ... reason: shouldRouteToUserCurrentChat(args.event) ? 'forced_current_chat' : 'no_route_info_fallback'

Recommendation

Make route binding explicit, provide a user-visible control to pause/disable push delivery, and avoid falling back to a recent session without clear consent.

What this means

The plugin may keep restoring the local plumbing needed for cloud-to-agent delivery while the gateway is running.

Why it was flagged

The long-running service can automatically repair or create hooks configuration after startup, sustaining background event delivery beyond a one-time user-invoked setup.

Skill content

const ensure = await ensureOpenClawHooksConfigured({ preferredToken: null }); ... '[hi-openclaw-plugin] daemon self-healed hooks config'

Recommendation

Document the self-heal behavior, make it configurable, and provide an obvious disable/uninstall cleanup path for hooks and background services.

What this means

Users may believe the native plugin avoids hook-token configuration even though the runtime still depends on local hook credentials for event delivery.

Why it was flagged

The user-facing documentation downplays hooks-token plumbing, while the provided service code uses hooks_token for /hooks/agent delivery and can self-heal hook configuration.

Skill content

`api.registerHttpRoute(...)` for the webhook ingress — uses gateway's HTTP server, no separate hooks token

Recommendation

Update the README and metadata to clearly disclose hooks token/path/gateway-port usage and when the plugin may modify those settings.

What this means

The plugin's local state can authorize actions against the user's Hi agent account until those credentials are revoked or removed.

Why it was flagged

The plugin exchanges a stored Hi client secret for access tokens. This is expected for the Hi integration, but it is sensitive account authority.

Skill content

clientSecret: state.identity.client_secret, ... accessToken: token.access_token

Recommendation

Protect the plugin state directory, avoid sharing state/log files, and ensure uninstall or account settings provide a way to revoke the Hi identity.

What this means

Older-host users may install a separate compatible bundle with installer code that receives broader setup authority.

Why it was flagged

The fallback install path for older OpenClaw hosts is disclosed, version-scoped, and user-directed, but it relies on a break-glass override and setup helper outside the native plugin path.

Skill content

`openclaw plugins install clawhub:hirey-compatible --dangerously-force-unsafe-install` ... `child_process.execFile` to spawn `npm install` and `openclaw config set`

Recommendation

Use the native `clawhub:hirey` path on OpenClaw 5.2+; if the compatible bundle is required, inspect and approve that package deliberately.