Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Openviking Pro Skill
v1.2.0한국어 형태소 분석 기반 클라우드 Context DB API로 토큰 최대 96% 절감, 자동 동기화 및 팀 공유 기능 지원. API Key 필요.
⭐ 0· 70·0 current·0 all-time
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md and name describe a cloud 'memory' compression API for reducing token usage; the examples show POSTs to api.openviking.pro which aligns with that purpose. However the top-level metadata and README text state an API key is required while the skill's declared requirements list no required environment variables or primary credential — that's an inconsistency (they should declare a primaryEnv or documented auth method). The lack of a clear source/homepage also reduces provenance.
Instruction Scope
The runtime instructions only show making HTTP calls to the provider's endpoints (save/search/list/usage). They don't instruct reading local files, system credentials, or other unrelated data. That is within scope. However the instructions lack details on how to supply authentication/headers and give no guidance about what user/agent data will or will not be sent to the third-party service — which is an important omission because the feature's purpose (storing 'memories') inherently involves sending conversation/context to an external server.
Install Mechanism
This is an instruction-only skill with no install spec and no code files — minimal disk/write risk. No downloads or package installs are requested.
Credentials
The public description and SKILL.md state 'API Key 필요' / 'API Key 발급 후 바로 사용 가능', yet the registry entry lists no required environment variables or primary credential. This mismatch is a proportionality and disclosure concern: a cloud API that requires a key should declare how the agent will receive/store that credential (primaryEnv) and how it will be used. The absence of that makes credential handling unclear.
Persistence & Privilege
The skill is not always-enabled and uses default autonomous invocation settings. It does not request persistent system-level privileges or claim to modify other skills or agent-wide config.
What to consider before installing
This skill is an instruction-only connector to a third‑party memory API. Before installing, verify the provider and how authentication is handled: ask the author to declare a primaryEnv for the API key and show example Authorization headers. Confirm the service's privacy/data-retention policy and test only with non‑sensitive data. Check TLS and DNS reputation for api.openviking.pro and the listed support email. If you need stronger guarantees, prefer skills that explicitly declare required env vars and provenance or require user approval each time data is sent to an external API. If you proceed, avoid giving it access to secrets or PII and monitor network calls while testing.Like a lobster shell, security has layers — review code before you run it.
latestvk975m34qxtsrhk629gn018a6vd83cppy
License
MIT-0
Free to use, modify, and redistribute. No attribution required.