openviking-context-database
Pass
Audited by Gen Agent Trust Hub on Jun 26, 2026
Risk Level: SAFE
Full Analysis
- [SAFE]: The skill is a standard operational tool for a context engine and demonstrates adherence to security best practices by explicitly instructing the agent never to log or echo API keys.
- [COMMAND_EXECUTION]: The skill documents the use of the
openclawCLI for status checks and configuration. These commands are restricted to local environment setup and plugin maintenance. - [DATA_EXFILTRATION]: While the skill facilitates the transfer of data (resources and memories) to a remote OpenViking server, this is its primary functional purpose. It mitigates common risks by recommending plugin-specific upload tools rather than direct transmission of local filesystem paths.
- [PROMPT_INJECTION]: The skill's ingestion features (importing URLs, PDFs, and Git repositories) create a surface for indirect prompt injection. This risk is acknowledged and addressed through the inclusion of the
ov_recall_tracetool, which allows for auditing and debugging the retrieval process, and the mention of turn text sanitization.
Audit Metadata