openclaw-hi-install 安全扫描报告 — 可信 | ClawSafe

0 /100

openclaw-hi-install

Installs Hi into a local OpenClaw host through the official ClawHub path, then completes register, activate, receiver setup, and health checks through Hi's high-level install control tools.

This skill is purely documentation for installing the Hi agent platform on OpenClaw hosts. No code or scripts are present—only a comprehensive SKILL.md describing an installation workflow with appropriate security practices.

技能名称openclaw-hi-install

分析耗时27.5s

引擎pi

✓

可以安装

This skill is safe to use. However, the actual security depends on the remote npm packages (`@hirey/[email protected]`, `@hirey/[email protected]`) and the `hi_agent_install`/`hi_agent_doctor` commands it references. Ensure these dependencies are from a trusted source before execution.

资源类型	声明权限	推断权限	状态	证据
文件系统	`WRITE`	`WRITE`	✓ 一致	SKILL.md: Documents writes to ~/.openclaw/vendor/hi for user-local npm installat…
网络访问	`READ`	`READ`	✓ 一致	SKILL.md: Documents configuring OpenClaw hooks at http://127.0.0.1:18789/hooks/a…
命令执行	`WRITE`	`WRITE`	✓ 一致	SKILL.md: Documents npm install commands and hi_agent_* tool invocations
环境变量	`WRITE`	`WRITE`	✓ 一致	SKILL.md: Documents setting HI_PLATFORM_BASE_URL, HI_MCP_TRANSPORT, HI_MCP_PROFI…
技能调用	`READ`	`READ`	✓ 一致	SKILL.md: Invokes hi_agent_install, hi_agent_doctor, hi_agent_reset tools

1 项发现

🔗

中危外部 URL 外部 URL

http://127.0.0.1:18789/hooks/agent

SKILL.md:35

目录结构

1 文件 · 7.2 KB · 87 行

Markdown 1f · 87L

└─ 📝 SKILL.md Markdown 87L · 7.2 KB

依赖分析 2 项

包名	版本	来源	已知漏洞	备注
`@hirey/hi-mcp-server`	`0.1.6`	npm	否	Version pinned; trust depends on @hirey namespace
`@hirey/hi-agent-receiver`	`0.1.7`	npm	否	Version pinned; trust depends on @hirey namespace

安全亮点

✓ No executable code present—pure documentation

✓ Uses version-pinned npm packages (0.1.6, 0.1.7) to prevent supply chain attacks

✓ Installs to user-local directory (~/.openclaw/vendor/hi) instead of requiring elevated privileges

✓ Generates fresh random tokens for OpenClaw hooks (does not reuse gateway auth token)

✓ Has explicit security boundaries: 'do not ask for AWS credentials'

✓ Requires user confirmation before permission/auth prompts or destructive operations

✓ Documents proper validation steps with hi_agent_doctor

✓ Explicitly warns against using raw-skill or ad-hoc install paths