Plugin v2026.4.35

ClawScan security

OpenViking · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Apr 29, 2026, 6:01 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The code and runtime instructions match the stated purpose (an OpenClaw plugin that integrates with an OpenViking memory/context service); there are no hidden endpoints or obfuscated behaviors, but the plugin will read/write local OpenClaw config, may upload local files to a configured OpenViking server, and can use optional OpenViking credentials — so only install if you trust the target OpenViking endpoint and want local file uploads enabled.
Guidance
This plugin appears to do what it claims: integrate OpenClaw with an OpenViking memory/context service and provide import/search tools. Before installing, consider:
1) The plugin can read local files/directories, zip them, and upload them to the configured OpenViking baseUrl — only point it at a server you trust.
2) If you provide OPENVIKING_API_KEY / account/user IDs, the plugin will use them to authenticate requests; treat those secrets like any API key.
3) The setup CLI will write to your OpenClaw config (~/.openclaw/openclaw.json) and may execute subprocesses during interactive setup — review prompts and the config it writes.
4) If you need to audit network traffic, set the baseUrl to a localhost test instance first or inspect requests via a controlled endpoint.
If you want, I can list the env vars and config keys the plugin recognizes, or point to the code locations where local files are zipped and uploaded.

Review Dimensions

Purpose & Capability
ok: Name/description (OpenViking context-engine plugin for memory management) aligns with the code and runtime behavior: client class, context-engine, resource/skill import tools, ov_import/ov_search tooling, config handling, and a setup CLI. Required capabilities (HTTP client, zip-in-JS, local file access for upload) are expected for this purpose.
Instruction Scope
note: Runtime instructions and code explicitly implement importing local files/dirs (zipping and uploading), remote URL/git imports, and adding skills via the OpenViking HTTP API. The setup CLI reads/writes the user's OpenClaw config (~/.openclaw/openclaw.json) and can invoke child processes during interactive setup. These behaviors are relevant to the plugin's purpose but do grant the plugin the ability to read local files and transmit them to the configured OpenViking server — confirm you trust that server and the upload flows before enabling.
Install Mechanism
ok: No external download/install spec is present; source files are included in the package. The repository uses standard npm dependencies (fflate, typebox) — no remote binary or opaque installer downloads were found. This lowers supply-chain/install risk compared with arbitrary remote fetch-and-extract installers.
Credentials
note: Code reads optional environment variables (OPENVIKING_BASE_URL, OPENVIKING_API_KEY, OPENVIKING_ACCOUNT_ID, OPENVIKING_USER_ID, OPENCLAW_STATE_DIR, and several OPENVIKING_* flags). These are appropriate for connecting to an OpenViking service, but registry metadata listed no required env vars — a mild mismatch. The API key and tenant IDs give the plugin authority to act on behalf of a tenant, so only supply them to trusted endpoints.
Persistence & Privilege
ok: Skill is not marked always:true and uses normal plugin registration patterns. It writes configuration to the user's OpenClaw config path (expected for a plugin) and registers CLI commands. It does not request elevated system-wide privileges or modify other skills' configs beyond adding its own entry.