Vincent - Agent Wallet

Security checks across malware telemetry and agentic risk

Overview

This is a real wallet integration, but it gives an agent broad power over funds, raw signatures, and betting with weak default guardrails.

Install only if you intentionally want an agent to operate a dedicated wallet. Before funding it, claim the wallet, set strict address, token, function, spending-limit, and manual-approval policies, and treat API keys and re-link tokens like wallet-control secrets. Avoid raw signing and arbitrary contract calls unless a human can review exactly what will be authorized.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (3)

Missing User Warnings

Medium
Confidence
95% confidence
Finding
This skill enables transfers, swaps, and arbitrary contract calls, but the operational guidance does not prominently warn that these actions can irreversibly move or lose assets if the destination, calldata, token, or chain is wrong. In an agent context, this is especially dangerous because automated execution can amplify mistakes or prompt-injection-driven abuse before a human realizes funds are at risk.

Missing User Warnings

Medium
Confidence
96% confidence
Finding
The skill instructs storing bearer API keys in local filesystem paths and repeatedly searching for them, but does not clearly warn that possession of the key grants transaction authority over the wallet. If those files are exposed through logs, workspace sharing, malware, backups, or path traversal in adjacent tooling, an attacker could execute transfers, swaps, signing, or betting actions.

External Transmission

Medium
Category
Data Exfiltration
Content
3. The agent calls the re-link endpoint to exchange the token for a new API key

```bash
curl -X POST "https://heyvincent.ai/api/secrets/relink" \
  -H "Content-Type: application/json" \
  -d '{
    "relinkToken": "<TOKEN_FROM_USER>",
```
Confidence
89% confidence
Finding
```bash
curl -X POST "https://heyvincent.ai/api/secrets/relink" \
  -H "Content-Type: application/json" \
  -d '{
    "relinkToken": "<TOKEN_FROM_USER>",
    "apiKeyName": "Re-linked API Key"
  }'
```
Respon

VirusTotal

66/66 vendors flagged this skill as clean.
