
Security audit

Setup OpenViking Remote Memory

Security checks across malware telemetry and agentic risk

Overview

This skill has a legitimate OpenViking setup purpose, but it gives an agent broad authority to install, configure, persist remote memory, handle an API key, and restart services with limited user confirmation.

Install only if you trust the OpenViking server and understand that chat-derived information may be stored remotely and reused later. Ask to see and approve commands before execution, use a least-privilege revocable API key, and confirm where the key and memories are stored, how to disable memory, and how to delete stored data.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (5)

Vague Triggers

Medium
Confidence: 94%
Finding
The trigger phrase "set up memory" is broad enough to match common user intent that may not specifically mean installing and configuring a plugin. In this skill, activation leads to autonomous environment checks, network access, plugin installation, configuration changes, and gateway restart, so accidental invocation can cause unintended system modification.

Vague Triggers

Medium
Confidence: 96%
Finding
Triggering on any shared link or URL containing the skill is ambiguous and can be abused through innocuous-looking pasted content. Because this skill performs privileged local actions and collects connection details, a loose URL-based trigger increases the chance of unintended activation and social-engineering-driven execution.

Missing User Warnings

Medium
Confidence: 93%
Finding
The skill asks the user to provide an API key and then stores it via CLI configuration, but it gives no warning about credential sensitivity, storage location, redaction, or exposure in logs/history. In a conversational agent context, secrets entered by the user may be retained, displayed, or mishandled unless explicitly protected.

Missing User Warnings

Medium
Confidence: 91%
Finding
The skill promotes automatic cross-session memory and saving important conversation data without informing the user about privacy, retention, or what categories of information may be stored remotely. Since the configured endpoint can be an arbitrary server, this creates a real risk of users disclosing personal or sensitive data without meaningful consent.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
## IMPORTANT RULES

1. **NEVER ask the user to run commands themselves.** You run everything.
2. **NEVER skip the health check (Step 5).** If the server is unreachable, do NOT proceed.
3. **NEVER proceed past a failed step.** Fix or report every error before moving on.
4. **ALWAYS use the exact commands shown.** Do not improvise or combine commands.
Confidence: 88%
Finding
NEVER ask the user

VirusTotal

66/66 vendors flagged this skill as clean.
