Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
Vincent - Trading Engine
v1.0.69
Strategy-driven automated trading for Polymarket and HyperLiquid. Use this skill when users want to create trading strategies, set stop-loss/take-profit/trai...
by Chris Cassano (@glitch003)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan (OpenClaw): Suspicious, high confidence
Purpose & Capability
The skill claims to route trades through the Vincent backend and that private keys/LLM keys never leave the server, yet the declared required config paths explicitly point to local agent wallet files (${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/agentwallet and ./agentwallet). It's unclear why a trading engine that uses a backend service would need local wallet files; this is an unexplained privilege request.
Instruction Scope
SKILL.md allows the agent to run Bash via npx:@vincentai/cli* and also grants Read/Write tools. Running npx will download and execute a package from npm at runtime — effectively executing remote code. The instructions also reference ingesting wide-ranging external data (web, Twitter, RSS, on-chain) and using local agentwallet config; the combination broadens what the agent may read, act on, or transmit beyond the stated minimal purpose.
Install Mechanism
There is no explicit install spec, but allowed-tools include npx:@vincentai/cli*. npx implicitly fetches code from the npm registry and runs it locally. That is equivalent to an install-from-remote and carries the higher risks called out in the guidance (remote package execution).
Credentials
No environment variables are required, but two required config paths point to an 'agentwallet' file. If that file contains private keys or wallet credentials, the skill would have access to sensitive secrets not justified by the description (which said private keys remain on Vincent servers). The mismatch between 'no private keys' claim and required local wallet paths is disproportionate and unexplained.
Persistence & Privilege
always:false (good). However, the skill requests access to local credential paths and can run remote-installed CLI tools, which is a meaningful runtime privilege even without permanent installation. The skill does not request system-wide persistence, but reading/writing an agent wallet is a high-sensitivity action.
What to consider before installing
This skill has inconsistencies you should resolve before installing. Specifically:
(1) Ask the author to explain why local agentwallet files are required if all private keys and LLM keys are said to remain on Vincent's servers — what exactly is stored in those paths?
(2) Treat the allowed use of npx:@vincentai/cli* as equivalent to installing and executing remote code — review the @vincentai/cli package source, versions, and npm publisher, and prefer pinned versions or a vetted install mechanism.
(3) Confirm what files the skill will read/write and whether it will transmit wallet contents or other local data to external services.
(4) If you must use it, run the agent in a restricted sandbox, limit its filesystem access to only the minimal required path, and monitor network calls.
If the maintainer cannot justify the local wallet requirement and the runtime npx behavior, avoid enabling the skill.
Runtime requirements
Config: ${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/agentwallet, ./agentwallet
