OpenViking 上下文数据库
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This skill appears purpose-aligned for OpenViking context search and memory, but it installs dependencies, stores API keys locally, and can persist/index user-selected files.
This looks like a legitimate OpenViking integration. Before installing, be comfortable with running its setup scripts, storing provider API keys in ~/.openviking, and allowing selected files or memories to be indexed for future retrieval. Avoid adding directories that contain secrets or private data you do not want used as agent context.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing may run newer or changed upstream code that was not part of this review.
The install script fetches the latest OpenViking package and optionally executes an unpinned remote installer. This is related to the skill's purpose and user-confirmed, but it depends on external code that is not version-pinned in the artifact.
pip install openviking --upgrade --force-reinstall ... curl -fsSL https://raw.githubusercontent.com/volcengine/OpenViking/main/crates/ov_cli/install.sh | bash
Review the upstream OpenViking package or pin trusted versions before installing, especially in sensitive environments.
Your provider API key will be stored in a local config file and used by OpenViking.
The setup script prompts for a model-provider API key and writes it into ~/.openviking/ov.conf. This is expected for provider-backed embeddings/VLM use, but the registry metadata does not declare a primary credential.
prompt "API Key: " ... "api_key": "$API_KEY" ... cat > "$CONFIG_DIR/ov.conf"
Use a scoped API key where possible, protect ~/.openviking/ov.conf permissions, and avoid sharing backups or logs that may include configuration files.
Information added to OpenViking may be reused in later sessions and could influence future agent responses.
The skill explicitly supports persistent agent memory across sessions. This is central to the OpenViking context-database purpose, but persistent memory can retain sensitive or incorrect context for future use.
会话记忆 | 自动提取长期记忆,跨会话保持
Add only intended project documents or memories, avoid secrets unless necessary, and periodically inspect or clear stored context if it becomes stale or sensitive.