Skillv1.0.0

ClawScan security

Vincent - A secure wallet for your agent · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

SuspiciousFeb 11, 2026, 8:59 AM

Verdict: suspicious
Confidence: medium
Model: gpt-5-mini
Summary: The skill's declared purpose (an agent wallet that never exposes private keys) matches its instructions, but it relies on an external service (heyvincent.ai) with no source/homepage, asks you to store API keys on disk, and grants an agent the ability to execute financial transactions — which is high-risk and warrants caution.
Guidance: This skill appears to implement exactly what it says (a remote wallet API) but you should proceed cautiously: 1) Trust and provenance: the source/homepage are missing — verify who runs heyvincent.ai, review their security/privacy docs, code audits, and key handling policies before putting real funds behind it. 2) API key risk: the API key (Bearer token) grants financial authority — store it securely, limit its scope, and prefer short‑lived keys or revocation controls. The SKILL.md suggests storing keys at ~/.openclaw/credentials/agentwallet/… even though the registry lists no config paths; confirm where keys will be written and who/what can read them. 3) Autonomous actions: because the agent can invoke the skill autonomously, explicitly require interactive confirmation for any transfer/swap/sign operation or restrict the agent to read-only actions unless you approve transactions. 4) Least privilege: use this skill only with small test funds and tightly scoped spending policies until you have audited the service. 5) Ask the publisher for missing info that would raise confidence: source code or repo, security audit, API key scopes/permissions, how private keys are generated/rotated/revoked, data retention and telemetry, and exact policy controls available to limit agent actions.

Review Dimensions

Purpose & Capability: noteThe name/description match the SKILL.md: the instructions implement a remote smart-account wallet API (create wallet, get address, check balances, transfer, swap, raw signing). This is coherent for a wallet skill. However the skill depends entirely on an external service (heyvincent.ai) and the registry metadata lists no source/homepage — a transparency/trust gap worth noting.
Instruction Scope: noteInstructions are narrowly about calling the external API with a Bearer token and do not instruct reading unrelated system files or environment variables. But the skill's runtime instructions enable broad capabilities (arbitrary transactions, raw signing, swaps, Polymarket bets). Those capabilities are within the stated purpose but are high-impact: an agent with the API key can move funds or sign messages. The SKILL.md also instructs storing credentials in ~/.openclaw/credentials/agentwallet/<API_KEY_ID>.json (or working dir), which is a filesystem path the skill will rely on even though the registry declared no required config paths.
Install Mechanism: okThis is instruction-only with no install spec and no code files — lowest install risk. All network activity is performed by curl examples calling an external API; no archive downloads or package installs are present.
Credentials: concernThe skill declares no required environment variables or credentials, but the instructions require and rely on an API key (Bearer token) produced by the service and advise storing it on disk. The registry metadata lists no required config paths, yet the SKILL.md explicitly references ~/.openclaw/credentials/agentwallet/<API_KEY_ID>.json — this mismatch (no declared config required vs. SKILL.md path guidance) is an inconsistency. Asking an agent to manage an API key that can authorize financial transactions is a high-privilege secret; the skill should have been explicit about how keys are protected and scoped.
Persistence & Privilege: notealways:false (good). disable-model-invocation:false (default) means an agent can call the skill autonomously; combined with wallet actions this increases risk because an autonomous agent could execute transfers or sign messages if it obtains the API key. The skill does not request or modify other skills or global agent configs.