
OpenClaw Hi Install

Author: yzlee · GitHub ↗ · v0.1.45 · MIT-0
cross-platform ⚠ suspicious
Total downloads: 546
Favorites: 0
Current installs: 0
Versions: 39
Install in OpenClaw
/install openclaw-hi-install
Description
Install or repair Hirey Hi on a local OpenClaw host through the official ClawHub package path, then complete the local MCP, receiver, registration, and healt...
Security usage recommendations
This skill appears to be a legitimate OpenClaw-local installer. Before installing: (1) Confirm you are on a real OpenClaw host and that you trust the ClawHub package source (clawhub:hirey-openclaw-hi-install) and the domain hi.hireyapp.us, since the installer will configure services to communicate there. (2) Be aware the installer will read the host's session data and manage hooks tokens (sensitive) and will write configuration under ~/.openclaw-<profile>/ and ~/.openclaw/.../vendor/hi. (3) Back up any existing OpenClaw config/state you care about. (4) If you want extra assurance, inspect the full installer code (scripts/openclaw-host-installer.mjs) and verify network endpoints and the npm package pins before running the canonical openclaw plugins install command.
Functional analysis
Type: OpenClaw Skill
Name: openclaw-hi-install
Version: 0.1.45
The skill functions as an automated installer that performs high-privilege operations, including executing shell commands (npm, openclaw), modifying the host's 'openclaw.json' configuration, and establishing a local HTTP hook receiver. While these actions are consistent with the stated purpose of installing the 'Hi' platform, they involve risky capabilities such as generating bearer tokens and mounting an MCP server. A significant vulnerability is the hardcoded use of an unencrypted HTTP endpoint (http://hi.hireyapp.us) for a service intended to handle sensitive 'people-to-people' matching data, as seen in SKILL.md and scripts/openclaw-host-installer.mjs.
Capability tags
crypto, requires-oauth-token, requires-sensitive-credentials
Capability assessment
Purpose & Capability
The name/description (install or repair Hi on an OpenClaw host) matches the behavior: SKILL.md instructs installing the ClawHub package and running a bundled installer, and the bundle contains an installer script that manipulates OpenClaw state, vendor dirs, and Hi-related env settings. Nothing requested (no external credentials, no unrelated binaries) is out of scope for an installer of this kind.
Instruction Scope
Instructions explicitly direct the agent to run the canonical openclaw plugin installation command, then run package-local installer steps (status, phase1-apply, phase2-install-args). The runtime docs and script read and write OpenClaw host state (e.g., sessions.recent[].key, openclaw.json under a ~/.openclaw- profile) and require producing/consuming hook tokens and host session keys. This is expected for configuring inter-process hooks but is sensitive (session keys/tokens). The instructions avoid broad, unspecified data collection, but they do instruct reading local host session data and writing config files — confirm you trust the host and the ClawHub package before proceeding.
Install Mechanism
This is an instruction-only skill with a bundled Node.js installer script. There is no remote download URL in the SKILL.md or install spec; the canonical install command calls 'openclaw plugins install clawhub:hirey-openclaw-hi-install' which delegates to the platform's plugin system. The script likely runs local commands (execFile) and installs pinned npm packages into a user-writable vendor directory (~/.openclaw/.../vendor/hi) rather than system-wide paths, which is appropriate for user-level installs.
Credentials
The skill declares no required environment variables, which matches the registry metadata. At runtime the installer will set and manage HI_* environment entries (HI_PLATFORM_BASE_URL, HI_MCP_TRANSPORT, HI_MCP_PROFILE, HI_MCP_STATE_DIR, HI_RECEIVER_TOKEN, HI_RECEIVER_URL). Those are relevant and necessary for Hi operation, but HI_RECEIVER_TOKEN and host session keys are sensitive secrets. The skill expects to read the host's current session key (openclaw status --json) to complete configuration — that is proportional but sensitive; confirm you want to allow the installer to access and persist these tokens on disk.
Persistence & Privilege
The skill is not force-enabled (always:false) and does not request elevated system privileges. It writes to per-profile OpenClaw state under the user's home directory and the vendor dir (user-writable) and configures local MCP/receiver hooks. This is normal for an installer and does not appear to modify other skills' code or system-wide settings outside the OpenClaw profile paths.
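How to use
  1. Make sure OpenClaw is installed (local or Docker deployment)
  2. Enter the install command in the chat box: /install openclaw-hi-install
  3. Once installation completes, call the Skill by name or trigger it with /openclaw-hi-install
  4. Provide the required inputs according to the Skill's parameter description to get structured output
Version history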
v0.1.45
chore(openclaw): bump hirey-openclaw-hi-install to 0.1.45 with self-feedback loop guards
v0.1.44
refactor(platform): make thread_meetings scheduled a strict terminal with async artifacts projection
v0.1.43
chore(openclaw): bump hirey-openclaw-hi-install to 0.1.43 for Hi usage skill refresh
v0.1.42
chore(openclaw): bump hirey-openclaw-hi-install to 0.1.42 for SKILL.md refresh
v0.1.41
fix(platform): pin OpenClaw install flow to hi-mcp-server 0.1.19
v0.1.38
fix(platform): keep OpenClaw Hi install on helper rails
v0.1.36
fix(platform): improve OpenClaw Hi install discoverability
v0.1.35
fix(platform): block Stage-A OpenClaw package bootstrap
v0.1.34
fix(platform): harden OpenClaw install prompting and listing upserts
v0.1.33
fix(platform): add post-install OpenClaw Hi skill.
v0.1.32
fix(platform): republish OpenClaw install artifacts.
v0.1.31
refactor(platform): split listing taxonomy authoring into two steps
v0.1.30
Package-first OpenClaw Hi bundle bootstrap and runtime workflow packaging.
v0.1.29
fix(platform): streamline OpenClaw installer status and phase2 args.
v0.1.28
fix(platform): execute OpenClaw Hi install phases deterministically.
v0.1.25
fix(platform): harden OpenClaw Hi install readiness checks
v0.1.24
fix(platform): bump released Hi install pins to 0.1.16
v0.1.23
Platform: bump public Hi MCP install pins.
v0.1.22
Platform: harden OpenClaw install command handling.
v0.1.21
Platform: bump public OpenClaw install versions.
Metadata
Slug: openclaw-hi-install
Version: 0.1.45
License: MIT-0
Total installs: 0
Current installs: 0
Historical versions: 39
FAQ

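What is OpenClaw Hi Install?

Install or repair Hirey Hi on a local OpenClaw host through the official ClawHub package path, then complete the local MCP, receiver, registration, and healt... It is an AI Agent Skill plugin for Claude Code / OpenClaw, with 546 total downloads so far.

How do I install OpenClaw Hi Install?

Run the command "/install openclaw-hi-install" in the OpenClaw or Claude Code chat box to install it in one step; no additional configuration is required.

Is OpenClaw Hi Install free?

Yes, OpenClaw Hi Install is completely free. It is released under the MIT-0 license and can be freely downloaded, installed, and used.

Which platforms does OpenClaw Hi Install support?

OpenClaw Hi Install runs cross-platform and can be used in any environment where OpenClaw / Claude Code is deployed (cross-platform).

Who developed OpenClaw Hi Install?

It is developed and maintained by yzlee (@yzlee); the current version is v0.1.45.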
