Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hey summon - provider

Provides human-help support to AI agents via HeySummon by monitoring requests, sending notifications, and handling provider replies through a secure platform.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 214 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability (flagged)
The skill's behavior (SSE watcher, sending notifications via OpenClaw, replying via the platform API) aligns with the stated provider purpose. However, the registry metadata listed no required env vars or credentials, while SKILL.md and the scripts require HEYSUMMON_BASE_URL, HEYSUMMON_API_KEY and HEYSUMMON_NOTIFY_TARGET; the manifest therefore does not declare the capabilities the skill actually needs.
Instruction Scope (flagged)
SKILL.md instructs installing and running a persistent watcher and forwarding replies immediately. The watcher scripts do exactly that, but they also read and write files under the user's home (~/.heysummon-provider) and read a local OpenClaw gateway token from ~/.openclaw/openclaw.json, an access to local credentials that neither the registry metadata nor SKILL.md calls out (SKILL.md mentions OpenClaw but does not state that the skill will read your home token).
Install Mechanism
This is instruction-only (no package download or installer). The skill includes shell scripts that require curl, node, jq and optionally pm2/nohup. No remote binary downloads or opaque installs were observed, which lowers code-injection risk, but code files are present and will be executed when you run setup.sh.
Credentials (flagged)
The scripts require HEYSUMMON_BASE_URL, HEYSUMMON_API_KEY (must be provider key hs_prov_*), and HEYSUMMON_NOTIFY_TARGET. They also read the OpenClaw gateway token from ~/.openclaw/openclaw.json to call the local OpenClaw /tools/invoke endpoint. None of these environment/credential accesses were declared in the registry metadata — reading the local gateway token in particular is sensitive because it lets the watcher authenticate to local agent tooling.
Persistence & Privilege
The skill runs a persistent background watcher (pm2 or nohup), writes application state to ~/.heysummon-provider and a PID/log file, and will autonomously invoke the local OpenClaw tool to deliver notifications. There is no 'always: true' privilege and it does not modify other skills, but the combination of persistent background execution plus access to the local OpenClaw token increases its effective reach on the host.
What to consider before installing
Before installing, be aware this package expects provider credentials and access to your local OpenClaw gateway token even though the registry entry didn't declare them. Actionable checks:

  • Inspect .env.example and confirm you are comfortable providing HEYSUMMON_BASE_URL, HEYSUMMON_API_KEY (ensure it really is a provider key starting with hs_prov_) and HEYSUMMON_NOTIFY_TARGET.
  • Note the watcher reads ~/.openclaw/openclaw.json; if you install, that file's token will be used to call the local OpenClaw /tools/invoke endpoint. Only install if you trust both the HeySummon platform and this code.
  • Run the watcher in an isolated environment (container or restricted VM) first, or run the scripts manually to observe their behavior.
  • Consider rotating the provider API key after testing, and prefer least-privileged provider credentials.
  • If the registry metadata is supposed to declare required env vars, ask the publisher for an updated manifest that lists the HEYSUMMON_* vars and documents the OpenClaw token access.

If you cannot verify the publisher or platform, do not run these scripts on a host containing sensitive keys.


Current version: v0.1.0-beta
latest: vk97epdwr6jvnj8vkbvqev11y3x8201jr

License

MIT-0
Free to use, modify, and redistribute. No attribution required.

SKILL.md

HeySummon Provider Skill

You are a human-help provider for AI agents via HeySummon.

Setup

Step 1: Configure .env

Check if .env exists in {baseDir}. If not, copy from .env.example:

cp {baseDir}/.env.example {baseDir}/.env

Required variables:

  • HEYSUMMON_BASE_URL — Platform URL (cloud: https://cloud.heysummon.ai, self-hosted: user provides)
  • HEYSUMMON_API_KEY — Provider key (hs_prov_...) from the dashboard
  • HEYSUMMON_NOTIFY_TARGET — Chat ID for notifications

Step 2: Validate key

The API key MUST start with hs_prov_. Reject keys with hs_cli_ prefix — those are client keys.

Step 3: Start the watcher

bash {baseDir}/scripts/setup.sh

To stop: bash {baseDir}/scripts/teardown.sh
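The three setup steps above amount to a preflight check that setup.sh is trusted to get right. The following is an added example, not part of the HeySummon skill or its scripts: it reads the .env file line by line instead of sourcing it (so a tampered or malformed file cannot run commands while being checked), confirms the three required variables are present and non-empty, and enforces the hs_prov_ / hs_cli_ rule from Step 2. The function names are ours, and the https:// warning is our own addition, since SKILL.md leaves the self-hosted base URL up to the user.

```bash
#!/usr/bin/env bash
# Added example, not part of the HeySummon skill: preflight checks for the
# .env that SKILL.md describes, meant to run before setup.sh starts the
# watcher. The file is parsed line by line instead of being sourced, so a
# tampered or malformed .env cannot run commands while it is being checked.

# Strip one layer of matching single or double quotes from a value.
strip_quotes() {
  sq_val="$1"
  case "$sq_val" in
    \"*\")  sq_val="${sq_val#?}"; sq_val="${sq_val%?}" ;;
    \'*\')  sq_val="${sq_val#?}"; sq_val="${sq_val%?}" ;;
  esac
  printf '%s\n' "$sq_val"
}

# Print the value of KEY from an env file (KEY=VALUE lines, # comments).
# Returns 1 when the key is absent; an empty value still returns 0.
env_lookup() {
  el_file="$1"; el_key="$2"
  while IFS= read -r el_line || [ -n "$el_line" ]; do
    case "$el_line" in
      ''|'#'*) continue ;;                      # blank or comment line
      "$el_key="*) strip_quotes "${el_line#*=}"; return 0 ;;
    esac
  done < "$el_file"
  return 1
}

# Validate the three required variables the way SKILL.md specifies.
# Exit status 0 means the watcher may start; each problem goes to stderr.
heysummon_preflight() {
  pf_env="$1"; pf_rc=0
  if [ ! -f "$pf_env" ]; then
    echo "missing $pf_env (copy .env.example to .env first)" >&2
    return 1
  fi
  for pf_name in HEYSUMMON_BASE_URL HEYSUMMON_API_KEY HEYSUMMON_NOTIFY_TARGET; do
    pf_val=$(env_lookup "$pf_env" "$pf_name") || pf_val=''
    if [ -z "$pf_val" ]; then
      echo "$pf_name is not set in $pf_env" >&2; pf_rc=1
    fi
  done
  # Added policy check (not in SKILL.md): warn when the platform URL is not TLS,
  # because the provider key is sent to it on every call.
  pf_url=$(env_lookup "$pf_env" HEYSUMMON_BASE_URL) || pf_url=''
  case "$pf_url" in
    ''|https://*) ;;                            # unset (already reported) or TLS
    *) echo "warning: HEYSUMMON_BASE_URL is not https:// ($pf_url)" >&2 ;;
  esac
  # Step 2 of SKILL.md: provider keys only, client keys rejected explicitly.
  pf_key=$(env_lookup "$pf_env" HEYSUMMON_API_KEY) || pf_key=''
  case "$pf_key" in
    ''|hs_prov_*) ;;                            # unset (already reported) or a provider key
    hs_cli_*) echo "HEYSUMMON_API_KEY is a client key (hs_cli_); a provider key (hs_prov_) is required" >&2; pf_rc=1 ;;
    *)        echo "HEYSUMMON_API_KEY does not carry the hs_prov_ prefix" >&2; pf_rc=1 ;;
  esac
  return "$pf_rc"
}

# Stand-alone use: preflight.sh path/to/.env
if [ "$#" -gt 0 ]; then
  heysummon_preflight "$1"
  exit "$?"
fi
```

Run it against {baseDir}/.env before setup.sh; a non-zero exit means one of the SKILL.md requirements is not met and the watcher should not be started.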

Architecture

AI Agent → HeySummon Platform → SSE → Watcher → OpenClaw → Notification

All communication flows through the platform. No direct infrastructure access.

Scripts

Script                       Purpose
scripts/setup.sh             Start the event watcher
scripts/teardown.sh          Stop the watcher
scripts/mercure-watcher.sh   SSE listener → notifications via OpenClaw
scripts/reply-handler.sh     Reply by refCode: reply-handler.sh HS-XXXX "response"
scripts/respond.sh           Reply by request ID: respond.sh <id> "response"

Reply-to-Respond

When the user replies to a 🦞 notification, parse the refCode (HS-XXXX) from the quoted message and use reply-handler.sh. Always forward immediately — no AI processing, no confirmation.
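Because the reply is forwarded with no confirmation, the refCode extraction is the only check between chat text and the argument list of reply-handler.sh. The following is an added example, not part of the skill: it accepts only a token that matches the whole HS-XXXX pattern, fails when no code or several different codes are present, and passes the response text as a single argument exactly as the reply-handler.sh HS-XXXX "response" usage above shows. The HS-XXXX format is from SKILL.md; the assumption that XXXX is four uppercase letters or digits, the function names, and the optional handler path argument are ours.

```bash
#!/usr/bin/env bash
# Added example, not part of the HeySummon skill: pull the refCode out of a
# quoted notification before handing it to reply-handler.sh. The code format
# HS-XXXX comes from SKILL.md; that XXXX is four uppercase letters or digits
# is our assumption. Only a token matching the whole pattern is accepted, so
# free text from the chat never reaches the script's argument list unchecked.

# Print the single refCode found in $1. Exit 1 if none, 2 if several differ.
extract_refcode() {
  rc_found=''
  # Split on anything that cannot be part of a refCode, then test each token.
  for rc_tok in $(printf '%s\n' "$1" | tr -c 'A-Za-z0-9_-' '\n'); do
    case "$rc_tok" in
      HS-[A-Z0-9][A-Z0-9][A-Z0-9][A-Z0-9])
        if [ -n "$rc_found" ] && [ "$rc_found" != "$rc_tok" ]; then
          echo "ambiguous: both $rc_found and $rc_tok appear in the message" >&2
          return 2
        fi
        rc_found="$rc_tok" ;;
    esac
  done
  if [ -z "$rc_found" ]; then
    echo "no refCode (HS-XXXX) found in the quoted message" >&2
    return 1
  fi
  printf '%s\n' "$rc_found"
}

# Forward a reply: the code is derived from the quoted message, and the
# response text is passed as one argument, matching the
# reply-handler.sh HS-XXXX "response" usage in SKILL.md.
# $3 (optional, our addition) overrides the handler path, e.g. for testing.
forward_reply() {
  fr_quoted="$1"; fr_response="$2"; fr_handler="${3:-scripts/reply-handler.sh}"
  fr_code=$(extract_refcode "$fr_quoted") || return "$?"
  "$fr_handler" "$fr_code" "$fr_response"
}
```

The same-code-repeated case (the refCode quoted in both subject and body) is accepted; two different codes are refused rather than guessed at, since forwarding to the wrong request cannot be undone.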

Statuses

Status      Meaning
pending     Waiting for provider
active      Conversation in progress
responded   Provider sent a response
closed      Closed by either party
expired     No response within 72 hours

Files

7 total
