Install Openviking Memory

Security checks across malware telemetry and agentic risk

Overview

This is a disclosed installer for a long-term memory plugin; its sensitive behavior is expected for that purpose, but users should understand the privacy and API-key implications.

Install only if you want OpenClaw conversations archived to an OpenViking server and later recalled across sessions. Prefer a scoped user API key, avoid entering real sensitive data for testing, confirm the server is one you trust, and review the npm fallback path if you only want installs through ClawHub.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

Vague Triggers

Severity: Medium
Confidence: 87%
Finding
The trigger list includes broad terms like "RAG," "semantic memory," and generic setup phrases that could cause the skill to activate in situations where the user did not explicitly request installation or configuration. In this skill's context, unintended invocation is more dangerous because the workflow is designed to collect server details and run installation/configuration commands automatically.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
The skill promotes automatic cross-session capture and recall of "important facts" but does not require a clear upfront privacy notice, retention explanation, or informed consent before enabling persistent memory. This is dangerous because the plugin is explicitly designed to store and retrieve conversation-derived data over time, increasing the chance of retaining sensitive personal or organizational information without meaningful user awareness.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The skill asks the user for an API key and then passes it on the command line to setup tooling, but it provides no warning about the sensitivity of the credential or the exposure risks of handling secrets this way. Command-line arguments can be logged, surfaced in process listings, or retained in agent/tool transcripts, which makes credential leakage more likely.

Ssd 3

Severity: Medium
Confidence: 93%
Finding
The skill explicitly instructs the agent to remember and later recall user facts across sessions, creating a persistent memory channel that can retain sensitive personal or business information beyond the immediate conversation. In this context, the danger is increased because persistence is the core feature, yet there are no strong safeguards, minimization rules, or warnings discouraging storage of sensitive categories of data.

Ssd 3

Severity: Medium
Confidence: 97%
Finding
The verification flow uses an email address as the example fact to store and recall, which normalizes testing the system with real personal data. This is risky because users often copy the example literally or substitute similarly sensitive identifiers, leading to unnecessary retention of personally identifiable information in a long-term memory system.

VirusTotal

64/64 vendors flagged this skill as clean.
