ClawHub
Back to skill
v1.2.0

Openviking Pro Skill

ReviewClawScan verdict for this skill. Analyzed May 1, 2026, 7:57 AM.

Analysis

This skill is coherent as a cloud memory API, but it asks agents to save and share AI memory in an external service without clear privacy, retention, sharing, or credential boundaries.

GuidanceReview this carefully before installing. It is not showing clear malware behavior, but its main function is to send and persist AI memory in an external cloud service, possibly shared across agents or teams. Do not store secrets, customer data, private conversations, or confidential project details unless you have verified the provider's access controls, deletion/retention policy, and API key handling.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse
SeverityLowConfidenceHighStatusNote
metadata
Required env vars: none; Env var declarations: none; Primary credential: none ... Description: ... API Key 필요.

The skill and registry description say an API key is needed, but the registry credential contract does not declare how that credential should be supplied or scoped.

User impactUsers may provide an API key manually without clear guidance on safe storage, rotation, or scope.
RecommendationPrefer a scoped API key stored in a secure environment variable or secrets manager, and avoid pasting credentials directly into prompts or shared files.
Sensitive data protection

Checks for exposed credentials, poisoned memory or context, unclear communication boundaries, or sensitive data that could leave the user's control.

Memory and Context Poisoning
SeverityMediumConfidenceHighStatusConcern
SKILL.md
OpenViking Pro는 AI의 기억을 클라우드에 압축해서 저장해요.

The skill explicitly stores AI memory in a cloud service, but the artifact does not define retention, deletion, data sensitivity limits, or how retrieved memory should be treated before reuse.

User impactPrivate project or conversation details could be persisted outside the local environment and later reused by an agent in ways the user did not expect.
RecommendationOnly store non-sensitive information unless the provider's privacy, deletion, retention, and access-control terms are clear; retrieved memory should be treated as untrusted context.
Insecure Inter-Agent Communication
SeverityMediumConfidenceHighStatusConcern
SKILL.md
팀 공유: 여러 AI가 같은 DB 공유

The skill advertises that multiple AIs can share the same database, but it does not describe identity, permission boundaries, workspace scoping, or protections against one agent's data influencing another.

User impactShared memory could expose data across users, teammates, or agents, and one agent's stored content could affect another agent's future outputs.
RecommendationUse separate namespaces or projects, confirm access controls before enabling team sharing, and avoid storing secrets or confidential records in shared memory.