registry  /  @hyperspell/openclaw-hyperspell  /  0.20.0

@hyperspell/openclaw-hyperspell@0.20.0

OpenClaw Hyperspell memory plugin

AI Security Review

scanned 4h ago · by lpm-firewall-ai

LPM treats this as warn-only first-party agent extension lifecycle risk. No install-time attack surface is established. The explicit `openclaw-hyperspell setup` command writes first-party OpenClaw configuration and can install an OpenClaw cron job; enabled runtime hooks transmit configured memory and conversation content to Hyperspell.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs the setup command or enables configured OpenClaw memory hooks.
Impact
Configured workspace memory and selected conversation traces can be sent to the declared Hyperspell service; setup persists plugin configuration.
Mechanism
First-party agent extension setup, cron registration, and memory synchronization.
Rationale
Source inspection confirms explicit agent configuration mutation and optional recurring agent work, plus configured memory/conversation uploads. No concrete malicious chain or install-time foreign control-surface mutation was found.
Evidence
package.jsondist/index.jsdist/commands/setup.jsdist/client.jsdist/hooks/auto-trace.jsdist/hooks/hot-buffer.js~/.openclaw/openclaw.json~/.openclaw/.env<workspace>/HYPERSPELL-MEMORY-NETWORK.md<workspace>/memory/
Network endpoints3
api.hyperspell.comapp.hyperspell.comconnect.hyperspell.com

Decision evidence

public snapshot
AI called this Suspicious at 88.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/commands/setup.js` explicitly writes OpenClaw config and `.env`.
  • User-invoked setup can create and trigger an `openclaw` cron job.
  • `dist/hooks/auto-trace.js` and `hot-buffer.js` send conversation data to Hyperspell.
Evidence against
  • `package.json` has only `prepublishOnly`; no install-time lifecycle hook.
  • `dist/index.js` registers behavior only through the OpenClaw plugin runtime.
  • No dynamic evaluation, native loading, hidden payload, or arbitrary shell construction found.
  • Browser launches and network setup are confirmation-gated in `dist/commands/setup.js`.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 35 file(s), 303 KB of source, external domains: api.hyperspell.com, app.hyperspell.com, connect.hyperspell.com

Source & flagged code

1 flagged · loading source
dist/commands/setup.jsView file
matchType = previous_version_dangerous_delta matchedPackage = @hyperspell/openclaw-hyperspell@0.18.1 matchedIdentity = npm:[redacted]:0.18.1 similarity = 0.367 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/setup.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/commands/setup.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings