Vincent - Credentials
SuspiciousAudited by ClawScan on May 10, 2026.
Overview
This credential-management skill is purpose-aligned, but it makes strong non-exposure claims while documenting agent-side flows that can put secrets into CLI arguments or rely on uncertain .env read protections.
Review before installing. Use this only if you trust Vincent with the secrets involved, prefer entering values through the Vincent dashboard instead of agent CLI arguments, pin or audit the CLI if possible, and verify exactly which .env file will be written.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A user may believe secrets can never enter the agent context, while some documented workflows can expose them to the agent or execution environment.
The artifact gives broad safety assurances, but the documented agent-set path places the secret value directly in a command argument, which can enter the agent/tool-call record or process arguments. The .env read-back protection is also framed as dependent on framework behavior rather than guaranteed.
"The credential value never appears in the agent's context or stdout." ... "Option B: Agent sets via CLI" ... "npx @vincentai/cli@latest secret set-value --key-id <KEY_ID> --value '{\"username\": \"alice\", \"password\": \"hunter2\"}'" ... "Many agent frameworks blacklist reading `.env` files ... the agent cannot read it back."Prefer the dashboard claim flow for entering secret values. Do not have the agent pass secrets via `--value`; use safer input mechanisms if supported, verify .env read restrictions, and narrow the documentation claims.
Installing the skill means trusting the Vincent service and CLI with secrets that may control third-party accounts or infrastructure.
The skill handles high-value credentials, stores a provider API key locally, fetches secrets from Vincent, and writes them into project environment files. This is disclosed and aligned with the stated purpose, but it is sensitive delegated authority.
"Use this skill to securely manage credentials ... API keys, passwords, OAuth tokens, SSH keys" ... "The `secret env` CLI command fetches the credential from the Vincent server and writes it directly to a `.env` file on disk" ... "the CLI stores the API key automatically"
Use least-privilege credentials, review the generated .env file path, claim and revoke secrets from the dashboard when appropriate, and avoid storing production SSH keys or broad OAuth tokens unless necessary.
A future or compromised CLI release could affect credential handling because the skill runs the latest package.
The skill executes an external npm package at runtime using the floating `@latest` version, and no CLI code or lockfile is present in the provided artifact set. This is expected for the skill's design but leaves users dependent on the current package supply chain.
allowed-tools: Read, Write, Bash(npx:@vincentai/cli*) ... "All commands use the `@vincentai/cli` package" ... "npx @vincentai/cli@latest secret list --type CREDENTIALS"
Pin and audit a known-good CLI version where possible, and install only if you trust the Vincent npm package provenance.