Skill v1.0.69

ClawScan security

Vincent - Twitter · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign (Mar 9, 2026, 8:31 PM)
Verdict
benign
Confidence
medium
Model
gpt-5-mini
Summary
The skill's requests and runtime instructions are internally consistent with a Twitter/X (Vincent) proxy CLI integration, but it relies on downloading and executing remote npm code at runtime and stores a datasource secret in a shared config path — both are practical but worth reviewing before enabling.
Guidance
This skill appears to do what it claims (use the Vincent proxy to access X/Twitter data). Before installing:
(1) understand that the runtime 'npx @vincentai/cli@latest' downloads and executes npm code each time it runs; pin to a reviewed version, or audit the CLI source on GitHub, because a pin fixes which package you get but does not by itself vouch for its contents;
(2) confirm that you trust heyvincent.ai and its billing/claim workflow (the agent creates a DATA_SOURCES key and returns a claimUrl that a human must claim and fund);
(3) review filesystem permissions on ${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/datasources (or use a dedicated directory), because the secret is persisted there and could be read by other processes or skills with access to that path;
(4) if you require stronger isolation, ask for a versioned, audited install method (a fixed npm version or a packaged binary) or sandbox the CLI execution.
If any of these are unacceptable, do not enable the skill until mitigations are in place.

Review Dimensions

Purpose & Capability
ok
Name/description (search tweets, user profiles, recent tweets) match the instructions: SKILL.md uses only the Vincent CLI to list/create a DATA_SOURCES secret and call Twitter endpoints via the Vincent proxy. The declared config paths for storing the datasource key align with this purpose.
Instruction Scope
note
Runtime instructions are narrowly scoped to creating/listing a DATA_SOURCES secret and invoking the twitter search/profile endpoints via 'npx @vincentai/cli' with the returned keyId. The skill does not instruct reading arbitrary user files or unrelated env vars. However, the agent is instructed to execute a remote CLI (npx) at runtime, which gives whatever the registry serves at that moment arbitrary code execution on the host.
Install Mechanism
concern
There is no static install spec, but SKILL.md instructs use of 'npx @vincentai/cli@latest', which downloads and executes code from the npm registry at runtime. This is a supply-chain/runtime execution risk: the remote package can change over time and executes arbitrary code when invoked. Consider pinning a specific vetted version or auditing the CLI's source before use.
Credentials
note
The skill requests no environment variables, and the primary credential model is a Vincent-scoped DATA_SOURCES secret (not a Twitter key). It declares the config paths where the key will be persisted (${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/datasources or ./datasources), which is proportionate to its function. Be aware that these are shared config locations: other local tools or skills with access to that directory could read stored secrets if permissions/isolation are not enforced.
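The two mitigations that recur in the guidance and in the Install Mechanism and Credentials findings (pin the npx package spec, and keep the datasource key directory owner-only) can be turned into pre-install checks. The script below is an added example written for this page, not code from ClawHub, OpenClaw or the Vincent skill. It assumes a POSIX shell with ls, find, awk and grep -E; no real @vincentai/cli version is known here, so any version number used with it is a placeholder to be replaced with the one you actually audited.

```shell
#!/bin/sh
# Added example, not code from ClawHub or the Vincent skill. Pre-install checks for a skill that
# runs `npx @vincentai/cli@latest` and persists a DATA_SOURCES key under
# ${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/datasources.
# Assumes a POSIX shell with ls, find, awk and grep -E. No real CLI version is known here;
# any version passed to is_pinned_spec is a placeholder chosen after your own audit.

# (1) Only an exact version (name@X.Y.Z) passes: '@latest', other dist-tags and ranges such
#     as '^1.2.3' are rejected, so npx cannot resolve to a package that changed after review.
is_pinned_spec() {
    printf '%s\n' "$1" |
        grep -Eq '^(@[a-z0-9._-]+/)?[a-z0-9._-]+@[0-9]+\.[0-9]+\.[0-9]+$'
}

# Path the skill declares for the persisted key.
datasources_dir() {
    printf '%s\n' "${OPENCLAW_STATE_DIR:-$HOME/.openclaw}/credentials/datasources"
}

# (3) The key directory must exist, carry no group/other permission bits and be owned by
#     the calling user; otherwise other local processes or skills can read the secret.
check_datasource_dir() {
    _dir=$1
    [ -d "$_dir" ] || return 1
    # ls -ld prints e.g. "drwx------ 2 alice alice 4096 ..."; characters 5-10 are group/other.
    case "$(ls -ld "$_dir")" in
        d???------*) ;;
        *) return 1 ;;
    esac
    # -prune keeps find on the directory itself; -user accepts a numeric uid.
    [ -n "$(find "$_dir" -prune -user "$(id -u)" 2>/dev/null)" ]
}

# Create (or tighten) the directory so that check_datasource_dir passes.
init_datasource_dir() {
    _dir=$1
    (umask 077 && mkdir -p "$_dir") || return 1
    chmod 700 "$_dir" || return 1
    check_datasource_dir "$_dir"
}

# Stand-alone run: report on the declared path without creating or modifying it.
target=$(datasources_dir)
if check_datasource_dir "$target"; then
    echo "ok: $target is owner-only"
else
    echo "warn: $target is missing or readable by other users; run init_datasource_dir \"$target\""
fi
```

A passing is_pinned_spec only guarantees that the same package contents are fetched each time; it says nothing about whether that version is safe, which is why the guidance pairs pinning with an audit of the CLI source. Even a pinned `npx` still downloads from the registry at invocation time, so if you need the stronger isolation mentioned in point (4), a vendored install or packaged binary run in a sandbox is the next step.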
Persistence & Privilege
ok
always:false with model invocation enabled is appropriate for this agent-focused, autonomously-invokable skill. The agent can create a datasource secret autonomously, but SKILL.md states that calls require the secret to be claimed and credited via the Vincent frontend before API calls succeed, which limits the immediate billing risk. No 'always:true' or other elevated privilege is requested.