install-openviking-memory
Warn
Audited by Socket on May 19, 2026
1 alert found:
SecuritySecuritySKILL.md
MEDIUMSecurityMEDIUM
SKILL.md
SUSPICIOUS. The overall purpose is coherent for a memory-plugin installer, but the backup path is disproportionately risky: it uses an unpinned npx helper at @latest, downloads code from raw GitHub, runs npm install, and receives API keys and tenant IDs. That makes the skill materially riskier than a normal configuration guide, even though its main workflow aligns with the stated goal.
Confidence: 87%Severity: 80%
Audit Metadata