Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Vincent - Twitter

v1.0.69

Twitter/X.com data access for agents. Use this skill when users want to search tweets, look up user profiles, or retrieve recent tweets. Pay-per-call via Vin...

by Chris Cassano (@glitch003)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description (search tweets, user profiles, recent tweets) match the instructions: the SKILL.md exclusively uses the Vincent CLI to list/create a DATA_SOURCES secret and call Twitter endpoints via the Vincent proxy. Declared config paths for storing the datasource key align with this purpose.
Instruction Scope
Runtime instructions are narrowly scoped to creating/listing a DATA_SOURCES secret and invoking twitter search/profile endpoints via 'npx @vincentai/cli' with the returned keyId. The skill does not instruct reading arbitrary user files or unrelated env vars. However, the agent is instructed to execute a remote CLI (npx) at runtime, which grants the package broad discretion to run on the host.
Install Mechanism
There is no static install spec, but the SKILL.md instructs use of 'npx @vincentai/cli@latest' which downloads and executes code from the npm registry at runtime. This is a supply-chain/runtime execution risk: the remote package can change over time and execute arbitrary code when invoked. Consider pinning a specific vetted version or auditing the CLI's source before use.
Credentials
The skill requests no environment variables and the primary credential model is a Vincent-scoped DATA_SOURCES secret (not a Twitter key). It declares the config paths where the key will be persisted (${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/datasources or ./datasources), which is proportionate to its function. Be aware these are shared config locations — other local tools or skills with access to that directory could potentially read stored secrets if permissions/isolation are not enforced.
Persistence & Privilege
always:false with model invocation enabled is appropriate for this agent-focused, autonomously-invokable skill. The agent can create a datasource secret autonomously, but SKILL.md states that calls require the secret to be claimed and credited via the Vincent frontend before API calls succeed, which limits immediate billing risk. There is no 'always:true' or other elevated privilege requested.
Assessment
This skill appears to do what it claims (use the Vincent proxy to access X/Twitter data). Before installing: (1) understand that runtime 'npx @vincentai/cli@latest' will download and execute npm code — consider pinning to a reviewed version or auditing the CLI on GitHub; (2) confirm you trust heyvincent.ai and their billing/claim workflow (the agent creates a DATA_SOURCES key and returns a claimUrl that the human must claim and fund); (3) review filesystem permissions for ${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/datasources (or use a dedicated directory) because the secret is persisted there and could be accessible to other processes or skills; (4) if you require stronger isolation, ask for a versioned, audited install method (a fixed npm version or packaged binary) or sandbox the CLI execution. If any of these are unacceptable, do not enable the skill until mitigations are in place.



Runtime requirements

Config: ${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/datasources, ./datasources
