Vincent - Brave Search

Security checks across malware telemetry and agentic risk

Overview

The skill is a disclosed paid Brave Search integration, but it also gives agents autonomous credit-purchase and wallet-payment workflows that deserve review before use.

Install only if you are comfortable with an agent using Vincent search credits, storing a reusable local DATA_SOURCES credential, sending search queries through Vincent/Brave, and potentially being able to run documented wallet-based credit top-ups. Prefer prepaid/limited balances, avoid enabling an agent wallet for this skill, review each top-up manually, and revoke the Vincent secret when no longer needed.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium (95% confidence)
Finding
The skill is advertised as a Brave web/news search capability, but it also documents and enables credit purchasing and payment-related actions. That expands the effective authority of the skill from information retrieval into financial operations, creating a misleading trust boundary and increasing the chance an agent spends funds when the user only intended search.

Context-Inappropriate Capability

High (98% confidence)
Finding
Autonomous wallet interaction and credit purchasing are not necessary to fulfill the core purpose of a search skill. Embedding x402 payment flows in a broadly triggered search tool can cause an agent to initiate spending or blockchain wallet actions unexpectedly, which is dangerous even if the vendor intends it as a convenience feature.

Context-Inappropriate Capability

Medium (87% confidence)
Finding
The skill states that a single DATA_SOURCES key covers other services such as Twitter and includes account-management behaviors beyond Brave Search. This broadens the operational scope and permissions of the skill beyond what its name and description suggest, increasing the risk of unintended use of shared credentials across unrelated data sources.

Vague Triggers

Medium (88% confidence)
Finding
The trigger phrases are very broad, including generic requests like 'look up' and 'find information', which can cause the skill to activate in many ordinary conversations. Because the skill can create secrets, use stored credentials, and potentially initiate paid calls, overbroad activation increases the risk of unintended external actions and charges.

Missing User Warnings

High (97% confidence)
Finding
The markdown explicitly instructs autonomous credit purchases and wallet-based top-ups without requiring a clear, immediate user warning or consent step at the point of spending. In the context of an agent skill, this can lead to unauthorized financial actions, especially since the same document encourages autonomous operation and automated replenishment logic.

VirusTotal

65/65 vendors flagged this skill as clean.
