← Back to Skills Marketplace

OpenClaw Hi Install

Name: OpenClaw Hi Install
Author: yzlee

by yzlee · GitHub ↗ · v0.1.45 · MIT-0

cross-platform ⚠ suspicious

546

Downloads

Stars

Active Installs

Versions

Install in OpenClaw

/install openclaw-hi-install

Description

Install or repair Hirey Hi on a local OpenClaw host through the official ClawHub package path, then complete the local MCP, receiver, registration, and healt...

Usage Guidance

This skill appears to be a legitimate OpenClaw-local installer. Before installing: (1) Confirm you are on a real OpenClaw host and that you trust the ClawHub package source (clawhub:hirey-openclaw-hi-install) and the domain hi.hireyapp.us, since the installer will configure services to communicate there. (2) Be aware the installer will read the host's session data and manage hooks tokens (sensitive) and will write configuration under ~/.openclaw-<profile>/ and ~/.openclaw/.../vendor/hi. (3) Back up any existing OpenClaw config/state you care about. (4) If you want extra assurance, inspect the full installer code (scripts/openclaw-host-installer.mjs) and verify network endpoints and the npm package pins before running the canonical openclaw plugins install command.

Capability Analysis

Type: OpenClaw Skill Name: openclaw-hi-install Version: 0.1.45 The skill functions as an automated installer that performs high-privilege operations, including executing shell commands (npm, openclaw), modifying the host's 'openclaw.json' configuration, and establishing a local HTTP hook receiver. While these actions are consistent with the stated purpose of installing the 'Hi' platform, they involve risky capabilities such as generating bearer tokens and mounting an MCP server. A significant vulnerability is the hardcoded use of an unencrypted HTTP endpoint (http://hi.hireyapp.us) for a service intended to handle sensitive 'people-to-people' matching data, as seen in SKILL.md and scripts/openclaw-host-installer.mjs.

Capability Tags

cryptorequires-oauth-tokenrequires-sensitive-credentials

Capability Assessment

✓ Purpose & Capability

The name/description (install or repair Hi on an OpenClaw host) matches the behavior: SKILL.md instructs installing the ClawHub package and running a bundled installer, and the bundle contains an installer script that manipulates OpenClaw state, vendor dirs, and Hi-related env settings. Nothing requested (no external credentials, no unrelated binaries) is out of scope for an installer of this kind.

ℹ Instruction Scope

Instructions explicitly direct the agent to run the canonical openclaw plugin installation command, then run package-local installer steps (status, phase1-apply, phase2-install-args). The runtime docs and script read and write OpenClaw host state (e.g., sessions.recent[].key, openclaw.json under a ~/.openclaw- profile) and require producing/consuming hook tokens and host session keys. This is expected for configuring inter-process hooks but is sensitive (session keys/tokens). The instructions avoid broad, unspecified data collection, but they do instruct reading local host session data and writing config files — confirm you trust the host and the ClawHub package before proceeding.

✓ Install Mechanism

This is an instruction-only skill with a bundled Node.js installer script. There is no remote download URL in the SKILL.md or install spec; the canonical install command calls 'openclaw plugins install clawhub:hirey-openclaw-hi-install' which delegates to the platform's plugin system. The script likely runs local commands (execFile) and installs pinned npm packages into a user-writable vendor directory (~/.openclaw/.../vendor/hi) rather than system-wide paths, which is appropriate for user-level installs.

ℹ Credentials

The skill declares no required environment variables, which matches the registry metadata. At runtime the installer will set and manage HI_* environment entries (HI_PLATFORM_BASE_URL, HI_MCP_TRANSPORT, HI_MCP_PROFILE, HI_MCP_STATE_DIR, HI_RECEIVER_TOKEN, HI_RECEIVER_URL). Those are relevant and necessary for Hi operation, but HI_RECEIVER_TOKEN and host session keys are sensitive secrets. The skill expects to read the host's current session key (openclaw status --json) to complete configuration — that is proportional but sensitive; confirm you want to allow the installer to access and persist these tokens on disk.

✓ Persistence & Privilege

The skill is not force-enabled (always:false) and does not request elevated system privileges. It writes to per-profile OpenClaw state under the user's home directory and the vendor dir (user-writable) and configures local MCP/receiver hooks. This is normal for an installer and does not appear to modify other skills' code or system-wide settings outside the OpenClaw profile paths.

How to Use

Make sure OpenClaw is installed (local or Docker)
Run the install command in chat: /install openclaw-hi-install
After installation, invoke the skill by name or use /openclaw-hi-install
Provide required inputs per the skill's parameter spec and get structured output

Version History

v0.1.45

chore(openclaw): bump hirey-openclaw-hi-install to 0.1.45 with self-feedback loop guards

v0.1.44

refactor(platform): make thread_meetings scheduled a strict terminal with async artifacts projection

v0.1.43

chore(openclaw): bump hirey-openclaw-hi-install to 0.1.43 for Hi usage skill refresh

v0.1.42

chore(openclaw): bump hirey-openclaw-hi-install to 0.1.42 for SKILL.md refresh

v0.1.41

fix(platform): pin OpenClaw install flow to hi-mcp-server 0.1.19

v0.1.38

fix(platform): keep OpenClaw Hi install on helper rails

v0.1.36

fix(platform): improve OpenClaw Hi install discoverability

v0.1.35

fix(platform): block Stage-A OpenClaw package bootstrap

v0.1.34

fix(platform): harden OpenClaw install prompting and listing upserts

v0.1.33

fix(platform): add post-install OpenClaw Hi skill.

v0.1.32

fix(platform): republish OpenClaw install artifacts.

v0.1.31

refactor(platform): split listing taxonomy authoring into two steps

v0.1.30

Package-first OpenClaw Hi bundle bootstrap and runtime workflow packaging.

v0.1.29

fix(platform): streamline OpenClaw installer status and phase2 args.

v0.1.28

fix(platform): execute OpenClaw Hi install phases deterministically.

v0.1.25

fix(platform): harden OpenClaw Hi install readiness checks

v0.1.24

fix(platform): bump released Hi install pins to 0.1.16

v0.1.23

Platform: bump public Hi MCP install pins.

v0.1.22

Platform: harden OpenClaw install command handling.

v0.1.21

Platform: bump public OpenClaw install versions.

Metadata

Slug openclaw-hi-install

Version 0.1.45

License MIT-0

All-time Installs 0

Active Installs 0

Total Versions 39

Frequently Asked Questions

What is OpenClaw Hi Install?

Install or repair Hirey Hi on a local OpenClaw host through the official ClawHub package path, then complete the local MCP, receiver, registration, and healt... It is an AI Agent Skill for Claude Code / OpenClaw, with 546 downloads so far.

How do I install OpenClaw Hi Install?

Run "/install openclaw-hi-install" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is OpenClaw Hi Install free?

Yes, OpenClaw Hi Install is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does OpenClaw Hi Install support?

OpenClaw Hi Install is cross-platform and runs anywhere OpenClaw / Claude Code is available (cross-platform).

Who created OpenClaw Hi Install?

It is built and maintained by yzlee (@yzlee); the current version is v0.1.45.

More Skills