ClawHub

Install Hirey Hi on OpenClaw

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed OpenClaw installer that makes persistent local Hi integration changes matching its stated purpose.

Install this only if you trust Hirey Hi to modify your local OpenClaw hooks and MCP configuration, store a local receiver token, bind this chat for future replies, and exchange people-search/listing data with Hirey’s default service. Review any OpenClaw approval prompts and know how to run the documented cleanup if you no longer want the integration.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
77% confidence
Finding
The setup path installs packages and mutates OpenClaw host configuration immediately once invoked, without an explicit interactive confirmation barrier or strongly visible warning in the execution flow. In an agent-skill context, this increases the chance of unintended persistent host changes from a prompt-driven invocation, especially because the script writes hooks and MCP configuration that affect how the local host accepts and routes requests.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The script reuses or generates a hooks bearer token and then persists it into OpenClaw hooks config and MCP environment variables without any explicit runtime disclosure, minimization, or protection controls. In this skill's context, that token authorizes the local receiver path, so silent handling and storage of the secret raise the risk of accidental leakage through config files, manifests, backups, logs, or operator misunderstanding of the trust boundary.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal