OpenViking

Security checks across malware telemetry and agentic risk

Overview

OpenViking is a legitimate local document-search skill, but users should review it because it can persistently index local files, directories, and URLs without clear scoping, retention, or deletion guidance.

Review before installing. Use it only for documents you intentionally want indexed, avoid broad private directories and secrets, protect ov.conf API keys, keep the MCP server bound to localhost, and verify the upstream repository before running setup.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Lp3

Medium
Category
MCP Least Privilege
Confidence
91% confidence
Finding
The skill instructs the user to run shell commands (`test`, `curl`, `bash`, `cd`, `uv run`) but does not declare shell permissions. That mismatch is dangerous because users and orchestrators may assume the skill is documentation-only while it actually drives command execution, including cloning and launching a local service.

Vague Triggers

Medium
Confidence
84% confidence
Finding
The trigger list contains broad phrases such as "knowledge base," "RAG," and "add resource," which are common in normal conversations and can cause accidental invocation. Because this skill can lead to shell setup steps and persistent ingestion of files/URLs, unintended activation increases the chance of surprising or unsafe actions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The description advertises adding files and URLs to vector memory but does not warn that this may ingest local content or remote content into persistent storage. In this context, that omission matters because users may unknowingly store sensitive documents, proprietary data, or fetched web content in the database for later retrieval.

Vague Triggers

Medium
Confidence
88% confidence
Finding
The description embeds a very broad trigger list including generic phrases such as "knowledge base," "RAG," "query pdf," and "add resource," which could match many unrelated user requests and cause the skill to activate outside its intended context. Overbroad activation increases the chance of unintended access to document-search, retrieval, or resource-ingestion capabilities, especially in environments where skill routing is automatic.

VirusTotal

66/66 vendors flagged this skill as clean.
