Skill v1.0.0

ClawScan security

OpenViking Memory Adapter (OpenViking记忆适配器) · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 5, 2026, 8:37 AM
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
This package appears to be a local OpenViking memory adapter that reads and summarizes the agent's workspace files and writes its own memory artifacts — its behavior is coherent with the stated purpose, but I have medium confidence because part of the code was truncated and should be inspected for network/exfiltration logic before use.
Guidance
This skill looks coherent for a local memory adapter, but before installing: (1) review the complete server.py for any network calls, remote endpoints, or code that sends memory content off-machine (the provided file was truncated); (2) confirm whether requests/dotenv are actually used and why; (3) remember it will read your agent's memory files (MEMORY.md, USER.md, SOUL.md, memory/*.md) and will write into ~/.openclaw/workspace/memory_viking — back up any sensitive data first; (4) if you run it, prefer executing in a sandboxed environment first to confirm no unexpected outbound traffic; (5) verify how the marketplace handles the stated per-call payment (0.5 USDT) and whether any credentials/payment hooks are required.

Review Dimensions

Purpose & Capability
ok: Name/description (OpenViking memory adapter) match what the package does: reading agent memory files from ~/.openclaw/workspace, extracting key info, producing L0/L1/L2 artifacts, and exposing tools for analysis and search. The declared artifacts and tool names align with the code and skill.json.
Instruction Scope
ok: SKILL.md describes local tool calls (openclaw tools call ...) and the server.py implements reading/writing files under ~/.openclaw/workspace and producing summaries. The instructions do not ask for unrelated system files or extra credentials. The code does read potentially sensitive local memory files (MEMORY.md, memory/*.md, USER.md, SOUL.md) — that is expected for a memory adapter but is also precisely the sensitive data surface the user should be aware of.
Install Mechanism
ok: No install spec is provided (instruction-only from registry perspective) and the code is executed via MCP (python3 server.py). requirements.txt lists requests and python-dotenv but there is no external installer or downloaded binaries. This is low-install risk; however you should ensure dependencies are installed from trusted sources.
Credentials
ok: The skill declares no required env vars, no primary credential, and no config paths beyond ~/.openclaw/workspace which it uses for reading/writing memory — these are proportional to a memory adapter. requirements.txt includes python-dotenv and requests (possible network usage) though the visible code does not access external env variables; that mismatch is minor but worth verifying.
Persistence & Privilege
ok: Skill is not always:true and does not request elevated system privileges. It writes its own files under ~/.openclaw/workspace/memory_viking (expected). Autonomous invocation is allowed (platform default) but not combined here with other high-risk factors.