AI Security Review
scanned 4h ago · by lpm-firewall-aiLPM treats this as warn-only first-party agent extension lifecycle risk. This OpenClaw memory plugin intentionally sends configured memory data to Hyperspell. Optional hooks can upload conversation traces, messages, and selected workspace Markdown; setup writes first-party OpenClaw configuration only after interactive confirmation.
Static reason
No blocking static signals were detected.
Trigger
OpenClaw loads a configured plugin; optional sync/trace features or explicit `openclaw-hyperspell setup` enable behavior.
Impact
Configured user memory and conversation content may be transmitted to Hyperspell; no unconsented install-time mutation or covert payload execution was confirmed.
Mechanism
configured agent-memory synchronization and OpenClaw lifecycle hooks
Rationale
Source inspection shows disclosed, package-aligned data synchronization and first-party OpenClaw setup behavior rather than concrete malicious activity. Because it is a guarded agent extension with optional conversation/workspace upload and cron setup, warn rather than block.
Evidence
package.jsonopenclaw.plugin.jsondist/index.jsdist/client.jsdist/commands/setup.jsdist/hooks/memory-sync.jsdist/sync/markdown.jsdist/graph/ops.jsdist/graph/tools.js
Network endpoints3
api.hyperspell.comapp.hyperspell.comconnect.hyperspell.com
Decision evidence
public snapshotAI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
- `dist/index.js`: configured runtime hooks upload memory, traces, and messages.
- `dist/commands/setup.js`: explicit setup writes OpenClaw config/.env and optionally creates a cron job.
Evidence against
- `package.json`: no `preinstall`, `install`, or `postinstall`; only `prepublishOnly`.
- `dist/client.js`: network calls are limited to package-aligned `https://api.hyperspell.com` with configured API-key authorization.
- No eval, dynamic module loading, native payloads, or arbitrary command execution found; child-process use has fixed browser/OpenClaw CLI invocations.
Behavioral surface
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
HighEntropyStringsUrlStrings
Source & flagged code
2 flagged · loading sourcedist/index.jsView file
•Published source reference
Medium
Ai Review Evidence
`dist/index.js`: configured runtime hooks upload memory, traces, and messages.
dist/index.jsView on unpkgdist/commands/setup.jsView file
•Published source reference
Medium
Ai Review Evidence
`dist/commands/setup.js`: explicit setup writes OpenClaw config/.env and optionally creates a cron job.
dist/commands/setup.jsView on unpkgFindings
4 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/index.js
MediumAi Review Evidencedist/commands/setup.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings