OpenViking

Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: openviking
Version: 1.0.3

The OpenViking skill bundle is designed to set up and interact with a local RAG (Retrieval Augmented Generation) server. The `SKILL.md` provides clear, non-malicious instructions for the AI agent and user, without any evidence of prompt injection attempts to subvert the agent's purpose. The `scripts/init.sh` script performs standard setup tasks: cloning the OpenViking repository from `https://github.com/volcengine/OpenViking`, installing Python dependencies using `uv sync`, and creating a configuration template. There is no evidence of data exfiltration, persistence mechanisms, or other intentionally harmful behaviors. The instruction to install `uv` via `curl | sh` is a user-facing prerequisite, not an action directly executed by the skill itself, and `uv` is a legitimate tool.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Private documents could be embedded, stored, and later reused in agent context if a user or agent adds broad directories or sensitive files.

Why it was flagged

The skill can ingest local files or whole directories into persistent vector storage, but the documentation does not define safe paths, exclusions, retention, deletion, or reuse boundaries.

Skill content

`add_resource` | Add files, directories, or URLs ... `data/` - Vector database storage

Recommendation

Only add specifically selected non-sensitive files, avoid whole private directories, and require clear documentation for storage location, deletion/unindexing, exclusions, and user confirmation before ingestion.

What this means

Anyone with access to the configured `ov.conf` file may be able to use the user's Volcengine/Ark account quota or access provider-backed model services.

Why it was flagged

The skill requires provider API keys for its embedding and LLM functions. This is purpose-aligned and disclosed, but it is still sensitive credential handling.

Skill content

**Required: Volcengine/Ark API Keys** ... `embedding.dense.api_key` ... `vlm.api_key`

Recommendation

Store `ov.conf` securely, use least-privilege keys if available, rotate keys if exposed, and review provider billing and data-handling settings.

What this means

The code and dependencies installed during setup may change over time if the upstream repository changes.

Why it was flagged

The setup script clones a remote repository and installs its dependencies. This is central to the skill's purpose and user-directed, but it is not pinned to a specific reviewed commit in the artifacts.

Skill content

`git clone "$REPO_URL" "$INSTALL_DIR"` ... `uv sync`

Recommendation

Verify the repository before setup, consider pinning a known commit or release, and review dependency files before running the MCP server.

What this means

A connected agent may query or modify the local knowledge base through the MCP server according to the available tools.

Why it was flagged

The skill connects an agent to a local MCP server over HTTP. This is expected for MCP integration, but it creates a data boundary where the connected agent can use the server's query/search/add-resource tools.

Skill content

`claude mcp add --transport http openviking http://localhost:2033/mcp`

Recommendation

Keep the server bound to localhost/127.0.0.1, connect only trusted clients, and avoid exposing the MCP port to a network.