ClawHub

Hi Register

Security checks across malware telemetry and agentic risk

Overview

This skill has a coherent Hi installer purpose, but it makes durable OpenClaw configuration changes and may register/bind the agent from ambiguous continuation prompts.

Install only if you intentionally want this OpenClaw host connected to Hirey Hi and are comfortable with persistent MCP/hooks changes, local receiver setup, and this chat becoming the default route for Hi messages. Review the platform URL and avoid entering sensitive personal, hiring, dating, legal, or contact information unless you trust the Hi service and its transport/security posture.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Vague Triggers

Medium
Confidence
90% confidence
Finding
The trigger phrases are broad enough to match common user requests like 'set up' or 'connect' without requiring strong Hi-specific context. In an agent system that auto-selects skills, this can cause the registration workflow to run in unintended contexts, potentially binding the host/chat to Hi when the user did not clearly request that action.

Vague Triggers

Medium
Confidence
95% confidence
Finding
The instruction to use the skill when the user says 'continue' or 'anything else' after install is highly ambiguous and encourages execution based on conversational timing rather than explicit consent. That increases the chance of unintended agent registration and side effects, especially in multi-step flows where the next user message may be unrelated.

VirusTotal

VirusTotal findings are pending for this skill version.

View on VirusTotal