openviking-context-database

Pass

Audited by Gen Agent Trust Hub on Jun 26, 2026

Risk Level: SAFE
Full Analysis
  • [SAFE]: The skill is a standard operational tool for a context engine and demonstrates adherence to security best practices by explicitly instructing the agent never to log or echo API keys.
  • [COMMAND_EXECUTION]: The skill documents the use of the openclaw CLI for status checks and configuration. These commands are restricted to local environment setup and plugin maintenance.
  • [DATA_EXFILTRATION]: While the skill facilitates the transfer of data (resources and memories) to a remote OpenViking server, this is its primary functional purpose. It mitigates common risks by recommending plugin-specific upload tools rather than direct transmission of local filesystem paths.
  • [PROMPT_INJECTION]: The skill's ingestion features (importing URLs, PDFs, and Git repositories) create a surface for indirect prompt injection. This risk is acknowledged and addressed through the inclusion of the ov_recall_trace tool, which allows for auditing and debugging the retrieval process, and the mention of turn text sanitization.
Audit Metadata
Risk Level
SAFE
Analyzed
Jun 26, 2026, 10:43 AM
Security Audit — agent-trust-hub — openviking-context-database