install-openviking-memory
Fail
Audited by Snyk on May 19, 2026
Risk Level: HIGH
Full Analysis
HIGH W007: Insecure credential handling detected in skill instructions.
- Insecure credential handling detected (high risk: 1.00). The skill asks the user for an API key (and possibly accountId/userId) and explicitly instructs the agent to include those secrets verbatim in generated shell/CLI commands and setup flags (e.g., --api-key in ov-install/openclaw setup), forcing the LLM to output secret values and posing a high exfiltration risk.
MEDIUM W011: Third-party content exposure detected (indirect prompt injection risk).
- Third-party content exposure detected (high risk: 0.90). The skill explicitly queries and injects memories from the user-supplied OpenViking server into the agent's context (see "Auto-Recall (context-engine assemble())" and the memory_recall tool in Part 2), and its backup installer downloads plugin sources from raw.githubusercontent.com, so untrusted/user-generated third‑party content can be read and materially influence agent behavior.
MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).
- Potentially malicious external URL detected (high risk: 0.90). The skill at runtime calls the user-specified OpenViking BASE_URL (e.g., http://127.0.0.1:1933 or https://ov.example.com, including BASE_URL/health and API endpoints) to fetch memories which are injected into the agent's context, so remote content from that URL can directly control prompts.
Issues (3)
W007
HIGHInsecure credential handling detected in skill instructions.
W011
MEDIUMThird-party content exposure detected (indirect prompt injection risk).
W012
MEDIUMUnverifiable external dependency detected (runtime URL that controls agent).
Audit Metadata