OpenViking
ReviewAudited by ClawScan on May 10, 2026.
Overview
OpenViking is a coherent RAG/search skill, but it can persistently index local files and directories into agent memory without clear scope, retention, or deletion guidance.
Review this skill carefully before installing. It appears purpose-aligned for RAG/search, but only add files you intentionally want stored in its vector database, avoid broad private directories, protect the API-key config file, and verify the external OpenViking repository before running setup.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Private documents could be embedded, stored, and later reused in agent context if a user or agent adds broad directories or sensitive files.
The skill can ingest local files or whole directories into persistent vector storage, but the documentation does not define safe paths, exclusions, retention, deletion, or reuse boundaries.
`add_resource` | Add files, directories, or URLs ... `data/` - Vector database storage
Only add specifically selected non-sensitive files, avoid whole private directories, and require clear documentation for storage location, deletion/unindexing, exclusions, and user confirmation before ingestion.
Anyone with access to the configured `ov.conf` file may be able to use the user's Volcengine/Ark account quota or access provider-backed model services.
The skill requires provider API keys for its embedding and LLM functions. This is purpose-aligned and disclosed, but it is still sensitive credential handling.
**Required: Volcengine/Ark API Keys** ... `embedding.dense.api_key` ... `vlm.api_key`
Store `ov.conf` securely, use least-privilege keys if available, rotate keys if exposed, and review provider billing and data-handling settings.
The code and dependencies installed during setup may change over time if the upstream repository changes.
The setup script clones a remote repository and installs its dependencies. This is central to the skill's purpose and user-directed, but it is not pinned to a specific reviewed commit in the artifacts.
git clone "$REPO_URL" "$INSTALL_DIR" ... uv sync
Verify the repository before setup, consider pinning a known commit or release, and review dependency files before running the MCP server.
A connected agent may query or modify the local knowledge base through the MCP server according to the available tools.
The skill connects an agent to a local MCP server over HTTP. This is expected for MCP integration, but it creates a data boundary where the connected agent can use the server's query/search/add-resource tools.
claude mcp add --transport http openviking http://localhost:2033/mcp
Keep the server bound to localhost/127.0.0.1, connect only trusted clients, and avoid exposing the MCP port to a network.