Back to skill
Skillv1.0.0
ClawScan security
Viking Memory · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignFeb 18, 2026, 6:11 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- The skill is internally coherent: it talks to a local OpenViking memory service on 127.0.0.1:18790, requires no external credentials, and the provided code matches the SKILL.md instructions.
- Guidance
- This skill communicates only with a local OpenViking service on 127.0.0.1:18790 and asks for no external credentials, so the main risk is privacy: the agent (or you) may store conversation content into your local memory store. Before installing, confirm you trust the local OpenViking instance and that it is bound to localhost (not exposed externally). If you are uncomfortable with automatic saving of chat content, either disable autonomous invocation for this skill in your agent settings or avoid using the 'auto-save' behavior; you can still call search/add/read manually. The included index.js is short and readable — review it if you want to confirm behavior.
Review Dimensions
- Purpose & Capability
- okName/description (长期记忆/语义检索) align with required actions and the included code: search, add, read, list and status operations against a local Viking API. No unrelated credentials, binaries, or install steps are requested.
- Instruction Scope
- noteSKILL.md and index.js instruct only local HTTP calls to 127.0.0.1:18790 and show example curl requests. One minor scope note: the docs mention '自动保存' (auto-save important info during conversation), which gives the agent discretion to persist conversation content to the memory store — a privacy consideration but not a technical incoherence.
- Install Mechanism
- okNo install spec is provided (instruction + code file only). Nothing is downloaded or executed from external URLs; the skill relies on a local service. This is low install risk.
- Credentials
- okThe skill requests no environment variables, no credentials, and uses only a hard-coded localhost URL. Environment/credential requirements are proportionate to the stated purpose.
- Persistence & Privilege
- okalways is false and there are no instructions altering other skills or system-wide configuration. The skill can be invoked autonomously (platform default) — combined with the 'auto-save' behavior this is a privacy consideration but not an incoherence or excessive privilege request.