install-openviking-memory

Warn

Audited by Gen Agent Trust Hub on May 19, 2026

Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill utilizes npx -y openclaw-openviking-setup-helper@latest to download and execute a script from a remote registry at runtime during the backup installation path.\n- [COMMAND_EXECUTION]: Multiple shell commands are invoked to manage the plugin, including openclaw gateway restart, curl for health checks, and openclaw plugins install.\n- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and plugin components from external sources, including the npm registry and GitHub repositories (raw.githubusercontent.com).\n- [CREDENTIALS_UNSAFE]: The skill collects a user-provided API_KEY and passes it as a plaintext command-line argument to setup tools, which may expose the sensitive key in system process logs or shell history.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-supplied inputs are interpolated into shell commands.\n
  • Ingestion points: BASE_URL, API_KEY, and AGENT_PREFIX collected from user conversation (SKILL.md).\n
  • Boundary markers: Absent; there are no delimiters or specific instructions to ignore embedded commands in the user data.\n
  • Capability inventory: Shell execution via curl, npx, and openclaw (SKILL.md).\n
  • Sanitization: Limited to natural language instructional requests for the agent to perform basic validation (e.g., regex for prefix); no programmatic escaping or hardcoded sanitization logic is present.
Audit Metadata
Risk Level
MEDIUM
Analyzed
May 19, 2026, 12:26 AM
Security Audit — agent-trust-hub — install-openviking-memory