Skill v1.0.0

VirusTotal security

Viking Memory · External malware reputation and Code Insight signals for this exact artifact hash.

Scanner verdict

Suspicious · Apr 30, 2026, 4:10 AM
Hash
86ce3ed093b516b2c584fc21da80d9d473ec22b16dca384f710b7ea5414a3f93
Source
palm
Verdict
suspicious
Code Insight
Type: OpenClaw Skill
Name: viking-memory
Version: 1.0.0

The skill interacts with a local service (`http://127.0.0.1:18790`) via HTTP POST requests, as seen in `index.js`. Specifically, the `listMemoriesHandler` calls the `/api/v1/fs/ls` endpoint, passing a user-controlled `path` parameter directly. While the skill itself only makes an HTTP request, this design exposes a potential vulnerability in the backend `OpenViking` service. If the `OpenViking` service's `/api/v1/fs/ls` endpoint is susceptible to path traversal or command injection via the `path` parameter, an attacker could potentially exploit this through the skill to access or manipulate local files on the system running the `OpenViking` service. This represents a risky capability, even without clear malicious intent from the skill's code itself.