Vincent - Twitter

Security checks across malware telemetry and agentic risk

Overview

This Twitter/X lookup skill is coherent, but it needs review because it can let an agent automatically buy service credits with a crypto wallet and runs an unpinned external CLI.

Install only if you are comfortable with an agent using Vincent as a paid external proxy, storing a local Vincent key, and running the Vincent npm CLI. Do not enable or use the autonomous credit top-up flow unless you have explicit per-purchase approval, a hard budget, and a wallet funded only for this purpose; prefer manual top-ups, revoke the key when done, and pin or review the CLI version before use.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

Description-Behavior Mismatch

Medium
Confidence: 94%
Finding
The skill is presented as a Twitter/X data access integration, but it also includes functionality for purchasing credits and initiating payment workflows. This expands the skill from read-only data retrieval into financial operations, which materially changes the risk profile and can lead to unanticipated spending by an autonomous agent.

Context-Inappropriate Capability

High
Confidence: 97%
Finding
Allowing an agent to autonomously purchase credits via wallet-based payment is not necessary for basic Twitter data access and introduces direct financial-risk behavior. If invoked without strong authorization boundaries, the agent could spend funds, top up repeatedly, or be induced by prompt manipulation to convert wallet assets into service credit.

Intent-Code Divergence

Medium
Confidence: 92%
Finding
The documentation claims human oversight and controlled spending, but later sections explicitly enable no-human-intervention credit purchases and automatic replenishment. This contradiction can mislead operators about the real autonomy level of the skill and cause them to grant it more trust than warranted.

Vague Triggers

Medium
Confidence: 79%
Finding
Broad trigger phrases like 'twitter' or 'look up user' can cause the skill to activate in situations broader than intended, including ambiguous requests that do not require this paid external integration. In context, unintended invocation is more dangerous because each call may consume credits and engage external services.

Missing User Warnings

Medium
Confidence: 95%
Finding
The markdown permits autonomous credit purchases and provides an auto-replenishment pattern without a strong, explicit warning that real funds or wallet assets may be spent. In an agent context, this creates a material risk of unauthorized or surprising charges, especially if the agent is induced to continue operating indefinitely.

VirusTotal

65/65 vendors flagged this skill as clean.