Latest release: v0.1.65
Capabilities
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The stated people-finding purpose is coherent, but it spans sensitive domains including jobs, housing, dating, legal help, investors, and general human leads, with broad activation language that could route ambiguous requests into Hi workflows.
Instruction Scope
The skill repeatedly tells the agent not to ask for user choices or confirmation for the default service, calendar creation, and release updates, and it instructs the agent to follow server-supplied onboarding instructions exactly.
Install Mechanism
The installer runs local Node scripts that copy vendored packages, write OpenClaw hooks and MCP config, and write a manifest; comments explicitly describe avoiding scanner-triggering subprocess patterns and the package metadata says executesCode=false despite the skill-driven script execution.
Credentials
Use of Hirey AI's hosted service is expected for this product, but the skill binds the current chat, enables durable local webhook delivery, handles people-search data, and can write to local calendar tools, which is broader than a simple install helper.
Persistence & Privilege
The skill persists hooks, MCP server entries, a bearer token, vendored binaries, Hi state, and manifest files under the user's OpenClaw state, and it can silently apply future plugin updates and restart the gateway from a release webhook.
Scan Findings in Context
[VT] expected: VirusTotal reported no detections; this reduces malware concern but does not address the artifact-backed authority and scoping issues.
[SQP-1] expected: The broad people-finding descriptions match the product's stated purpose, but the breadth across sensitive domains and generic activation language is materially under-scoped.
[SQP-2] expected: Persistent OpenClaw hook/MCP changes are necessary for this install, but the setup and cleanup flows lack strong runtime confirmation and can mutate durable host state.
[SQP-2] unexpected: Automatic calendar writes and silent self-updates go beyond basic matching/install behavior and should require clearer opt-in controls.
[SQP-3] expected: Using Hirey AI's default hosted service is coherent for an official Hi install path, but the skill under-emphasizes the resulting data flow and removes normal endpoint choice.
[SSD-2] unexpected: The scanner-evasion comments are artifact-backed and concerning, even though the current implementation avoids child-process npm installs by using vendored files and direct filesystem writes.
What to consider before installing
Install only if you are comfortable giving this bundle durable access to your OpenClaw configuration, Hi-hosted people-matching data flows, webhook delivery, local calendar writes, and automatic future updates. Review the publisher and source provenance first, and prefer explicit confirmation before updates, calendar changes, or any posting/contacting workflows.