Vouch
ReviewAudited by ClawScan on May 10, 2026.
Overview
Vouch is a coherent identity-management skill, but it grants broad authority over wallets, API keys, social identity links, billing, publishing, and reset/teardown actions without clear permission boundaries.
Install this only if you trust the Vouch CLI and vouch.directory. Run onboarding yourself where possible, keep wallet/API keys secure, prefer testnet during evaluation, and restrict or require confirmation for mutating commands such as link, delegate, publish, revoke, reset, teardown, billing, and account management.
Findings (4)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
An agent using this skill could create or use cryptographic identity credentials and link them to social accounts, affecting how the user or agent is represented on-chain.
The skill handles persistent wallet keys, OAuth identity linking, and API account credentials. These are purpose-aligned, but high-impact; the supplied metadata declares no primary credential or required config paths, so the privilege boundary is under-disclosed.
Generate wallet — creates a new identity keypair stored locally at `~/.vouch/keys/` ... Connect account — opens browser for X or GitHub OAuth, which creates your API account (provides API key) and links your identity on-chain
Declare the wallet/config/API-key requirements explicitly, use testnet for setup where possible, and require user approval before init, login, identity-linking, delegation, revocation, billing, or publishing actions.
A mistaken or over-eager agent action could change identity/account state, publish endpoints, revoke links or keys, or reset/teardown Vouch state.
The command set includes account, publishing, delegation, revocation, reset, and teardown operations. These are related to the stated purpose, but the artifacts do not show clear approval gates or scoping for high-impact mutations.
"allowed_commands": ["init", "login", "account", "link-x", "link-github", "link-dns", "sign", "verify", "send", "receive", "lookup", "whoami", "status", "delegate", "publish", "agent", "allowlist", "revoke-key", "revoke-link", "reset", "teardown"]
Restrict allowed commands to the minimum needed and require explicit user confirmation for mutating commands such as init, login, link, delegate, publish, account, revoke, reset, and teardown.
Installing the CLI runs code from the Vouch website on the user's machine.
The skill relies on a remote shell installer for the Vouch CLI. This is a common setup pattern and is disclosed, but the installer and CLI code are not included in the reviewed artifacts.
curl -fsSL https://vouch.directory/install.sh | bash
Install only if you trust vouch.directory, review the installer where possible, and avoid running setup from privileged shells unless necessary.
Remote agents or endpoints may send signed payloads that influence the local agent's workflow.
The skill supports remote agent-to-agent messaging and URL-based verification. This is central to Vouch's purpose, but verified messages and remote endpoints should still be treated as untrusted inputs.
send verified messages to other agents; receive and process incoming verified messages; ... vouch --json verify --url https://agent.example.com/latest-signed
Verify signatures, check scopes and allowlists, and require user approval before acting on remote messages that request sensitive data access, spending, publishing, deletion, or account changes.