Skill v1.0.0
ClawScan security
Vincent - Agent Wallet · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
Suspicious · Feb 11, 2026, 8:59 AM
- Verdict: suspicious
- Confidence: medium
- Model: gpt-5-mini
- Summary: The skill's instructions match a wallet-for-agents use case, but the package metadata omits the required API credential and the source is unknown — this mismatch and reliance on a third-party custody API warrant caution.
- Guidance: This skill appears to implement an agent-controlled wallet via a hosted API (heyvincent.ai). Before installing: (1) verify the publisher and service (no source/homepage provided here); (2) confirm you trust heyvincent.ai to custody private keys and to act on the agent's behalf; (3) insist that the registry metadata be updated to declare the required API key/primary credential so the platform can surface and protect it; (4) store any API keys securely (avoid world-readable locations) and prefer per-agent, least-privilege API keys and strict spending policies; (5) test with minimal funds and monitor transactions; (6) if you cannot validate the service or the publisher, do not provide real funds or long-lived credentials.
Review Dimensions
- Purpose & Capability (concern): The SKILL.md clearly requires an API key (Bearer token) to create and operate wallets on heyvincent.ai; however, the registry metadata lists no primary credential or required env vars. That is inconsistent: the skill cannot function as documented without a secret, but the package does not declare or surface that requirement. There is also no source/homepage provided for the publisher, making it harder to validate.
- Instruction Scope (note): The runtime instructions are narrowly focused on wallet operations (create wallet, get balances, transfer, swap, raw signing, Polymarket betting). They explicitly instruct storing and using an API key (paths such as ~/.openclaw/credentials/agentwallet/<API_KEY_ID>.json or ./agentwallet/...) and describe interactions with a remote API (heyvincent.ai). They do not instruct reading unrelated system files, but they do instruct where to persist credentials, which can increase risk if those files are accessible to other components.
- Install Mechanism (ok): Instruction-only skill with no install spec and no code files — low install risk. However, it relies on outbound network calls to a third-party domain (heyvincent.ai), which is expected for a hosted wallet service but should be verified by the user.
- Credentials (concern): Although the skill requires an API key to operate, the metadata declares no required environment variables or primary credential. That omission is disproportionate and problematic: the skill will expect and use a secret, but the platform won't prompt for or label it. The SKILL.md also recommends specific storage paths for credentials, which could be sensitive if other skills or processes can access them.
- Persistence & Privilege (ok): The skill does not request always:true and has typical autonomous-invocation defaults. That is normal. Note: if you grant the skill (or the agent) the API key, it can autonomously initiate transfers within the wallet's policy, so giving the key is effectively granting on-chain transaction capability.
