ov-server-operate

The skill's stated purpose (operating and maintaining an OpenViking server) is coherent with its procedural content. However, the footprint raises security concerns: it downloads and executes a remote installer (curl | sh) from an unverified domain, uses plaintext API keys in configuration files, and relies on external model/provider endpoints. While the overall workflow to configure, start, monitor, and clean up the server is typical for a DevOps/ops guide, the install/bootstrapping flow and credential handling introduce notable risk. Treat as SUSPICIOUS with high caution due to supply-chain/download-execute risk and plaintext credential exposure, and recommend replacing remote installer with a trusted, signed installer from an official registry, enforcing secret management best practices, and pinning/verifying dependencies.