openviking-memory
Fail
Audited by Gen Agent Trust Hub on Mar 10, 2026
Risk Level: HIGH
DATA_EXFILTRATION, REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, PROMPT_INJECTION
Full Analysis
- [DATA_EXFILTRATION]: The skill accesses local paths that typically store sensitive configuration and environment variables.
  - Evidence: The documentation refers to reading from ~/.openclaw/openviking.env and ~/.openviking/ov.conf.
- [REMOTE_CODE_EXECUTION]: The skill documentation includes examples of an insecure remote code execution pattern.
  - Evidence: The command curl -fsSL ... | bash in the Multi-Instance Support section.
- [COMMAND_EXECUTION]: The skill performs command-line operations to manage the agent and execute setup scripts.
  - Evidence: Use of npx for a setup helper and openclaw for configuration and gateway management.
- [PROMPT_INJECTION]: The skill creates a surface for indirect prompt injection by storing and recalling arbitrary user text.
  - Ingestion points: Untrusted data from user messages and the memory_store tool (SKILL.md).
  - Boundary markers: Absent; there are no clear delimiters mentioned to isolate recalled memories.
  - Capability inventory: Uses memory_recall to automatically inject stored data into the prompt context (SKILL.md).
  - Sanitization: Absent; no validation or escaping of memory content is described.
Recommendations
- AI detected serious security threats