Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Vincent - Credentials
v1.0.69Secure credential management for agents. Use this skill when users need to store API keys, passwords, OAuth tokens, or SSH keys and write them to .env files...
⭐ 0· 468·2 current·2 all-time
byChris Cassano@glitch003
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidencePurpose & Capability
Name/description align with the declared behavior: a credential-management helper that writes secrets to .env files and persists a CLI-scoped key under the declared credentials paths. Allowed tools (Bash with npx:@vincentai/cli*) are consistent with using a vendor CLI.
Instruction Scope
The SKILL.md repeatedly asserts 'the credential value never appears in the agent's context or stdout' but the examples show using --value on the CLI (e.g. secret set-value --value '{...}' or passing API keys on the command line). Supplying secrets as command-line arguments can expose them to shell history, process listings, CI logs, or agent logs — contradicting the stated security guarantee. The instructions also permit the agent to write .env files on disk, which is expected, but they assume agent frameworks will not read those files (a policy assumption that may not hold).
Install Mechanism
There is no install spec; the guidance relies on npx @vincentai/cli (often @latest). That causes runtime download-and-execute of npm package code (moderate-to-high risk). The skill does not advise pinning a package version or verifying integrity, increasing attack surface if the package or npm account is compromised or a malicious version is published.
Credentials
The skill requests no environment variables and declares reasonable local credential paths. That is proportionate. However, the skill persists provider-scoped API keys under the agent state dir and allows the agent to set secret values via CLI; the CLI usage demonstrated would expose secrets via command-line arguments even though no env vars are required — a usability/UX vs security mismatch to be aware of.
Persistence & Privilege
always:false and no special system-wide privileges are requested. The skill stores its own credential state under the declared paths; it does not request to modify other skills or global agent configuration.
What to consider before installing
This skill is coherent with its purpose but has notable runtime risks you should consider before installing: 1) Avoid using the 'agent sets value' CLI pattern shown (secret set-value --value ...) because command-line arguments and shell history can leak secrets; prefer the dashboard claim workflow where a human sets the secret. 2) The instructions rely on npx to fetch and execute @vincentai/cli (often @latest) — pin to a specific version (e.g., @vincentai/cli@1.2.3) and audit the package source before running it in a production environment. 3) Confirm where the CLI will store keys (the declared OPENCLAW_STATE_DIR or ./credentials) and ensure those filesystems are appropriately protected and backed up/rotated. 4) Treat the 'value never appears in context' statement skeptically — it depends on how you run the CLI and your agent framework's policies. 5) Operational recommendations: restrict the agent's runtime permissions, run the CLI in an isolated environment if possible, rotate/revoke keys after use, and audit network calls from the CLI (verify it only contacts heyvincent.ai if that is a requirement). If you need help hardening usage patterns (how to pin versions, run the CLI without exposing values on the command line, or configure a safer workflow), get those details before enabling the skill.Like a lobster shell, security has layers — review code before you run it.
latestvk97385k755a6t3bwssd5363avd82kpw6
License
MIT-0
Free to use, modify, and redistribute. No attribution required.
Runtime requirements
Config${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/credentials, ./credentials