Hirey Compatible Install
VirusTotal audit pending.
Overview
No VirusTotal analysis has been recorded yet. File reputation checks will appear here once the artifact hash has been scanned.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing can change how the local OpenClaw host routes hooks and exposes the Hi MCP server.
The installer directly mutates the local OpenClaw configuration instead of going through the normal CLI path. The comments describe a narrow scope, and this is aligned with an installer, but it can change agent hook/MCP behavior.
Direct-fs read/write for `~/.openclaw/openclaw.json` ... Replaces every `runOpenClaw config get/set hooks/mcp.servers.<name>` ... narrowly write only the two fields we own (`hooks`, `mcp.servers.<name>`)
Run only when you intend to install Hi; consider backing up `~/.openclaw/openclaw.json` and review the resulting hooks and MCP server entries.
The agent may be allowed to run the scoped Hi plugin install command with fewer repeated approval prompts.
The skill asks the user to inspect and potentially modify OpenClaw approval policy so the Hi plugin install can proceed without repeated prompts. The command is user-directed and scoped to the Hirey install command, but it changes a local permission boundary.
Before running the install, probe `openclaw approvals get` (or read `~/.openclaw/exec-approvals.json`) ... `openclaw approvals set --stdin` ... `"ask": "on-miss"` ... `"argPattern": "^plugins\\s+install\\s+clawhub:hirey(\\b|$)"`
Paste the approval-policy command only if you trust this install flow, and restore your previous approval settings afterward if you do not want that exception to remain.
The installed Hi components come from the package's bundled vendor tree and version metadata controlled by the Hi/Hirey service.
The installer relies on publisher-prebundled Node package contents and a Hirey-hosted recommended-versions endpoint. That is a normal supply-chain pattern for a bundled installer, but it means users must trust the package publisher and the Hirey endpoint.
At render time, the whole node_modules tree is prebundled into the bundle's ./vendor/, and at install time it is copied out with fs.cp ... the version number is now pulled from hi-platform's well-known endpoint
Install from a trusted ClawHub package/version, and verify the bundled package versions if supply-chain provenance matters for your environment.
Local Hi receiver traffic and hook access depend on stored tokens; exposure of the OpenClaw config could expose that local integration.
The installer configures local gateway/receiver communication and token-based access for the Hi integration. This is expected for local MCP/receiver setup, but the token and URL are sensitive configuration values.
export const DEFAULT_GATEWAY_BASE_URL = 'http://127.0.0.1:18789'; ... `HI_RECEIVER_TOKEN`, `HI_RECEIVER_URL`
Keep your OpenClaw config files private, avoid sharing logs/configs containing receiver tokens, and rotate or reinstall if the token is exposed.
