Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Hey summon - provider
v0.1.0-beta
Provides human-help support to AI agents via HeySummon by monitoring requests, sending notifications, and handling provider replies through a secure platform.
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Verdict: Suspicious (medium confidence)
Purpose & Capability
The skill's behavior (SSE watcher, sending notifications via OpenClaw, replying via the platform API) aligns with the stated provider purpose. However, the registry metadata lists no required env vars or credentials, while SKILL.md and the scripts require HEYSUMMON_BASE_URL, HEYSUMMON_API_KEY, and HEYSUMMON_NOTIFY_TARGET; the manifest therefore under-declares the capabilities the skill actually needs, which is a packaging inconsistency.
Instruction Scope
SKILL.md instructs installing and running a persistent watcher and to forward replies immediately. The watcher scripts do exactly that, but they also read and write files under the user's home (~/.heysummon-provider) and read a local OpenClaw gateway token from ~/.openclaw/openclaw.json — an access to local credentials not explicitly called out in the registry metadata or SKILL.md (SKILL.md mentions OpenClaw but does not state it will read your home token).
Install Mechanism
This is instruction-only (no package download or installer). The skill includes shell scripts that require curl, node, jq and optionally pm2/nohup. No remote binary downloads or opaque installs were observed, which lowers code-injection risk, but code files are present and will be executed when you run setup.sh.
Credentials
The scripts require HEYSUMMON_BASE_URL, HEYSUMMON_API_KEY (must be provider key hs_prov_*), and HEYSUMMON_NOTIFY_TARGET. They also read the OpenClaw gateway token from ~/.openclaw/openclaw.json to call the local OpenClaw /tools/invoke endpoint. None of these environment/credential accesses were declared in the registry metadata — reading the local gateway token in particular is sensitive because it lets the watcher authenticate to local agent tooling.
Persistence & Privilege
The skill runs a persistent background watcher (pm2 or nohup), writes application state to ~/.heysummon-provider and a PID/log file, and will autonomously invoke the local OpenClaw tool to deliver notifications. There is no 'always: true' privilege and it does not modify other skills, but the combination of persistent background execution plus access to the local OpenClaw token increases its effective reach on the host.
What to consider before installing
Before installing, be aware this package expects provider credentials and access to your local OpenClaw gateway token even though the registry entry didn't declare them. Actionable checks:
(1) Inspect .env.example and confirm you are comfortable providing HEYSUMMON_BASE_URL, HEYSUMMON_API_KEY (ensure it really is a provider key starting with hs_prov_) and HEYSUMMON_NOTIFY_TARGET.
(2) Note the watcher reads ~/.openclaw/openclaw.json — if you install, that file's token will be used to call the local OpenClaw /tools/invoke endpoint; only install if you trust both the HeySummon platform and this code.
(3) Run the watcher in an isolated environment (container or restricted VM) first, or run the scripts manually to observe their behavior.
(4) Consider rotating the provider API key after testing, and prefer least-privileged provider credentials.
(5) If the registry metadata is supposed to declare required env vars, ask the publisher for an updated manifest that lists the HEYSUMMON_* vars and documents the OpenClaw token access.
If you cannot verify the publisher or platform, do not run these scripts on a host containing sensitive keys.

Like a lobster shell, security has layers — review code before you run it.
