install-openviking-memory
Warn
Audited by Gen Agent Trust Hub on May 19, 2026
Risk Level: MEDIUMREMOTE_CODE_EXECUTIONCOMMAND_EXECUTIONEXTERNAL_DOWNLOADSCREDENTIALS_UNSAFEPROMPT_INJECTION
Full Analysis
- [REMOTE_CODE_EXECUTION]: The skill utilizes
npx -y openclaw-openviking-setup-helper@latestto download and execute a script from a remote registry at runtime during the backup installation path.\n- [COMMAND_EXECUTION]: Multiple shell commands are invoked to manage the plugin, includingopenclaw gateway restart,curlfor health checks, andopenclaw plugins install.\n- [EXTERNAL_DOWNLOADS]: The skill fetches installation scripts and plugin components from external sources, including the npm registry and GitHub repositories (raw.githubusercontent.com).\n- [CREDENTIALS_UNSAFE]: The skill collects a user-providedAPI_KEYand passes it as a plaintext command-line argument to setup tools, which may expose the sensitive key in system process logs or shell history.\n- [PROMPT_INJECTION]: The skill exhibits an indirect prompt injection surface where user-supplied inputs are interpolated into shell commands.\n - Ingestion points:
BASE_URL,API_KEY, andAGENT_PREFIXcollected from user conversation (SKILL.md).\n - Boundary markers: Absent; there are no delimiters or specific instructions to ignore embedded commands in the user data.\n
- Capability inventory: Shell execution via
curl,npx, andopenclaw(SKILL.md).\n - Sanitization: Limited to natural language instructional requests for the agent to perform basic validation (e.g., regex for prefix); no programmatic escaping or hardcoded sanitization logic is present.
Audit Metadata