openviking-token-saver

The skill bundle implements a context management system but utilizes several high-risk installation and configuration patterns. Specifically, 'scripts/install.sh' employs a 'curl | bash' pattern to execute a remote script from GitHub and modifies user shell configuration files (.zshrc/.bashrc) to persist environment variables. The 'scripts/setup-config.sh' script collects sensitive API keys and stores them in a local configuration file (~/.openviking/ov.conf). While these behaviors are functionally aligned with the stated purpose of integrating the OpenViking database, they constitute significant security risks and potential vulnerabilities (e.g., plaintext credential storage and unauthorized shell modification). Additionally, 'scripts/viking.py' contains a hardcoded absolute path in its shebang (/Users/wuguanhua/...), which is a functional flaw.