registry  /  @hyperspell/openclaw-hyperspell  /  0.18.1

@hyperspell/openclaw-hyperspell@0.18.1

OpenClaw Hyperspell memory plugin

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. This OpenClaw memory plugin intentionally sends configured memory data to Hyperspell. Optional hooks can upload conversation traces, messages, and selected workspace Markdown; setup writes first-party OpenClaw configuration only after interactive confirmation.

Static reason
No blocking static signals were detected.
Trigger
OpenClaw loads a configured plugin; optional sync/trace features or explicit `openclaw-hyperspell setup` enable behavior.
Impact
Configured user memory and conversation content may be transmitted to Hyperspell; no unconsented install-time mutation or covert payload execution was confirmed.
Mechanism
configured agent-memory synchronization and OpenClaw lifecycle hooks
Rationale
Source inspection shows disclosed, package-aligned data synchronization and first-party OpenClaw setup behavior rather than concrete malicious activity. Because it is a guarded agent extension with optional conversation/workspace upload and cron setup, warn rather than block.
Evidence
package.jsonopenclaw.plugin.jsondist/index.jsdist/client.jsdist/commands/setup.jsdist/hooks/memory-sync.jsdist/sync/markdown.jsdist/graph/ops.jsdist/graph/tools.js
Network endpoints3
api.hyperspell.comapp.hyperspell.comconnect.hyperspell.com

Decision evidence

public snapshot
AI called this Suspicious at 86.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/index.js`: configured runtime hooks upload memory, traces, and messages.
  • `dist/commands/setup.js`: explicit setup writes OpenClaw config/.env and optionally creates a cron job.
Evidence against
  • `package.json`: no `preinstall`, `install`, or `postinstall`; only `prepublishOnly`.
  • `dist/client.js`: network calls are limited to package-aligned `https://api.hyperspell.com` with configured API-key authorization.
  • No eval, dynamic module loading, native payloads, or arbitrary command execution found; child-process use has fixed browser/OpenClaw CLI invocations.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 30 file(s), 234 KB of source, external domains: api.hyperspell.com, app.hyperspell.com, connect.hyperspell.com

Source & flagged code

2 flagged · loading source
dist/index.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/index.js`: configured runtime hooks upload memory, traces, and messages.

dist/index.jsView on unpkg
dist/commands/setup.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/commands/setup.js`: explicit setup writes OpenClaw config/.env and optionally creates a cron job.

dist/commands/setup.jsView on unpkg

Findings

4 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/index.js
MediumAi Review Evidencedist/commands/setup.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings