ClawHub

OpenViking记忆适配器

Security checks across malware telemetry and agentic risk

Overview

This is a local memory-optimization skill that reads and summarizes OpenClaw memory files, so it is privacy-sensitive but aligned with its stated purpose.

Install only if you want an OpenClaw tool to read your local memory, USER, and SOUL files and create persistent summaries under ~/.openclaw/workspace/memory_viking. Review those generated files, avoid storing secrets in the source memory files, and restrict tool access in sessions where other agents should not query personal memory.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
83% confidence
Finding
The skill advertises or implies file read/write capabilities without declaring corresponding permissions, which breaks transparency and can bypass user/admin expectations about what the skill can access. In a memory-system adapter context, hidden file access is more concerning because it may process or persist sensitive conversational memory, configuration, or local data.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The code reads MEMORY.md, USER.md, SOUL.md, and all memory/*.md files, then downstream tools expose derived or direct content back to the caller. Because there is no permission check, redaction, or sensitivity filter, a caller can cause disclosure of personal memory data and relationship/identity details that may be highly sensitive.

Ssd 3

Medium
Confidence
96% confidence
Finding
The memory summarization logic explicitly extracts identity, goals, relationships, decisions, and skills from all stored memory sources, including USER.md and SOUL.md, and packages them into normal-language outputs. In a memory adapter, this context makes the issue more dangerous because the feature is specifically designed to aggregate intimate user context, amplifying privacy leakage even when raw files are not directly returned.

Ssd 3

Medium
Confidence
98% confidence
Finding
The search tool accepts arbitrary queries and returns verbatim snippets from matching memory files, which enables straightforward extraction of stored personal data with simple keyword probing. This is more dangerous in this skill because the indexed corpus includes user memory, profile, and relationship files, making targeted exfiltration easy and low-friction.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal