✓ Verified 💻 Development ✓ Enhanced Data

Pincer

Security-first wrapper for installing agent skills.

Rating
4.3 (324 reviews)
Downloads
3,916 downloads
Version
1.0.0

Overview

Security-first wrapper for installing agent skills.

Complete Documentation

View Source →

pincer 🛡️

Security-first wrapper for clawhub install. Scans skills for malware, prompt injection, and suspicious patterns before installation.

Why?

Agent skills are powerful — they're basically executable documentation. The ClawHub ecosystem has already seen malware campaigns distributing infostealers via innocent-looking skills. pincer adds a security layer before you install anything.

Install

bash
# From ClawHub
clawhub install pincer

# Or manually
chmod +x ./scripts/pincer.sh
ln -sf "$(pwd)/scripts/pincer.sh" ~/.local/bin/pincer

Dependencies:

  • clawhub — for fetching skills
  • uvx — for mcp-scan (brew install uv)
  • jq — for JSON parsing

Usage

Safe Install

bash
# Instead of: clawhub install some-skill
pincer install some-skill

# With specific version
pincer install [email protected]

Scan Without Installing

bash
# Scan a ClawHub skill
pincer scan some-skill

# Scan a local directory
pincer scan ./path/to/skill

# JSON output for automation
pincer scan some-skill --json

Audit Installed Skills

bash
# Quick-scan all installed skills
pincer audit

# JSON output
pincer audit --json

Manage Trust

bash
# Add trusted publisher (auto-approve clean skills)
pincer trust add steipete

# Remove from trusted
pincer trust remove old-publisher

# Block a publisher or skill
pincer trust block suspicious-dev
pincer trust block malware-skill

# Unblock
pincer trust unblock redeemed-dev

# List all trust settings
pincer trust list

View History

bash
# See what you've installed
pincer history

# JSON output
pincer history --json

Configuration

bash
# Show current config
pincer config show

# Edit in $EDITOR
pincer config edit

# Reset to defaults
pincer config reset

What It Checks

Via mcp-scan (Invariant Labs)

  • Prompt injection attacks
  • Malware payloads in natural language
  • Tool poisoning
  • Sensitive data exposure
  • Hard-coded secrets

Additional Pattern Detection

PatternRiskDescription
Base64 commands🚨 HighEncoded shell commands
Hex payloads🚨 HighObfuscated binary data
xattr -d quarantine🚨 HighmacOS Gatekeeper bypass
curl \sh🚨 HighPipe to shell execution
Password archives🚨 HighHidden malicious payloads
Download + execute⚠️ Mediumchmod +x && ./ patterns
eval $var⚠️ MediumDynamic code execution
Hidden files⚠️ MediumDot-file creation
Persistence⚠️ Mediumcron/launchd entries

Publisher & Provenance

  • Publisher reputation (trusted list)
  • Download count threshold
  • Skill age threshold
  • Blocklist checking

Binary Detection

  • Scans for bundled executables
  • Flags Mach-O, ELF, PE32 binaries

Risk Levels

LevelMeaningAction
CLEANNo issuesAuto-approve if trusted publisher
⚠️ CAUTIONWarnings presentPrompt for approval
🚨 DANGERSuspicious patternsBlock (override with --force)
☠️ MALWAREKnown maliciousBlock (cannot override)
BLOCKEDOn blocklistBlock (cannot override)

Configuration

Config: ~/.config/pincer/config.json

json
{
  "trustedPublishers": ["openclaw", "steipete", "invariantlabs-ai"],
  "blockedPublishers": [],
  "blockedSkills": [],
  "autoApprove": "clean",
  "logInstalls": true,
  "minDownloads": 0,
  "minAgeDays": 0
}

KeyDescription
trustedPublishersPublishers whose clean skills auto-approve
blockedPublishersAlways block these publishers
blockedSkillsAlways block these specific skills
autoApprove"clean" = auto-approve clean+trusted, "never" = always prompt
logInstallsLog installations to history file
minDownloadsWarn if skill has fewer downloads
minAgeDaysWarn if skill is newer than N days

Examples

Clean Install

text
$ pincer install bird
🛡️ pincer v1.0.0

  → Fetching bird from ClawHub...
  Publisher: steipete (trusted)
  Stats: 7363 downloads · 27 ★ · created 1 month ago

🛡️ pincer Scanning bird...

  → Running mcp-scan...
  ✅ mcp-scan: passed
  → Checking for suspicious patterns...
  ✅ Pattern check: passed
  → Checking external URLs...
  ✅ URL check: passed
  → Checking for bundled binaries...
  ✅ Binary check: passed

Risk Assessment:
  ✅ CLEAN — No issues detected

  → Auto-approved (clean + trusted config).
  → Installing bird...
  ✅ Installed successfully!

Dangerous Skill Blocked

text
$ pincer install sketchy-tool
🛡️ pincer v1.0.0

  → Fetching sketchy-tool from ClawHub...
  Publisher: newaccount (unknown)
  Stats: 12 downloads · 0 ★ · created 2 days ago

🛡️ pincer Scanning sketchy-tool...

  → Running mcp-scan...
  🚨 mcp-scan: high-risk warnings
  → Checking for suspicious patterns...
  🚨 Pattern check: suspicious patterns found
    • curl/wget piped to shell
    • macOS quarantine removal (xattr)
  → Checking external URLs...
  ⚠️ URL check: external URLs found
    • http://sketchy-domain.xyz/install
  → Checking for bundled binaries...
  ✅ Binary check: passed

Risk Assessment:
  🚨 DANGER — Suspicious patterns detected
    • mcp-scan: high-risk patterns detected
    • curl/wget piped to shell
    • macOS quarantine removal (xattr)

  ☠️ Install blocked. Use --force to override (not recommended).

Credits

License

MIT

Stay safe out there. 🛡️

Installation

Terminal bash 

openclaw install pincer
Copied!

💻Code Examples

ln -sf "$(pwd)/scripts/pincer.sh" ~/.local/bin/pincer

ln--sf-pwdscriptspincersh-localbinpincer.txt
**Dependencies:**
- `clawhub` — for fetching skills
- `uvx` — for mcp-scan (`brew install uv`)
- `jq` — for JSON parsing

## Usage

### Safe Install

pincer config reset

pincer-config-reset.txt
## What It Checks

### Via mcp-scan (Invariant Labs)
- Prompt injection attacks
- Malware payloads in natural language
- Tool poisoning
- Sensitive data exposure
- Hard-coded secrets

### Additional Pattern Detection
| Pattern | Risk | Description |
|---------|------|-------------|
| Base64 commands | 🚨 High | Encoded shell commands |
| Hex payloads | 🚨 High | Obfuscated binary data |
| `xattr -d quarantine` | 🚨 High | macOS Gatekeeper bypass |
| `curl \| sh` | 🚨 High | Pipe to shell execution |
| Password archives | 🚨 High | Hidden malicious payloads |
| Download + execute | ⚠️ Medium | `chmod +x && ./` patterns |
| `eval $var` | ⚠️ Medium | Dynamic code execution |
| Hidden files | ⚠️ Medium | Dot-file creation |
| Persistence | ⚠️ Medium | cron/launchd entries |

### Publisher & Provenance
- Publisher reputation (trusted list)
- Download count threshold
- Skill age threshold
- Blocklist checking

### Binary Detection
- Scans for bundled executables
- Flags Mach-O, ELF, PE32 binaries

## Risk Levels

| Level | Meaning | Action |
|-------|---------|--------|
| ✅ **CLEAN** | No issues | Auto-approve if trusted publisher |
| ⚠️ **CAUTION** | Warnings present | Prompt for approval |
| 🚨 **DANGER** | Suspicious patterns | Block (override with `--force`) |
| ☠️ **MALWARE** | Known malicious | Block (cannot override) |
| ⛔ **BLOCKED** | On blocklist | Block (cannot override) |

## Configuration

Config: `~/.config/pincer/config.json`

}

.txt
| Key | Description |
|-----|-------------|
| `trustedPublishers` | Publishers whose clean skills auto-approve |
| `blockedPublishers` | Always block these publishers |
| `blockedSkills` | Always block these specific skills |
| `autoApprove` | `"clean"` = auto-approve clean+trusted, `"never"` = always prompt |
| `logInstalls` | Log installations to history file |
| `minDownloads` | Warn if skill has fewer downloads |
| `minAgeDays` | Warn if skill is newer than N days |

## Examples

### Clean Install
example.sh
# From ClawHub
clawhub install pincer

# Or manually
chmod +x ./scripts/pincer.sh
ln -sf "$(pwd)/scripts/pincer.sh" ~/.local/bin/pincer
example.sh
# Instead of: clawhub install some-skill
pincer install some-skill

# With specific version
pincer install [email protected]
example.sh
# Scan a ClawHub skill
pincer scan some-skill

# Scan a local directory
pincer scan ./path/to/skill

# JSON output for automation
pincer scan some-skill --json
example.sh
# Quick-scan all installed skills
pincer audit

# JSON output
pincer audit --json
example.sh
# Add trusted publisher (auto-approve clean skills)
pincer trust add steipete

# Remove from trusted
pincer trust remove old-publisher

# Block a publisher or skill
pincer trust block suspicious-dev
pincer trust block malware-skill

# Unblock
pincer trust unblock redeemed-dev

# List all trust settings
pincer trust list
example.sh
# See what you've installed
pincer history

# JSON output
pincer history --json
example.sh
# Show current config
pincer config show

# Edit in $EDITOR
pincer config edit

# Reset to defaults
pincer config reset

Tags

#ai_and-llms #security

Quick Info

Category Development
Model Claude 3.5
Complexity Multi-Agent
Author panzacoder
Last Updated 3/10/2026
🚀
Optimized for
Claude 3.5
🧠

Ready to Install?

Get started with this skill in seconds

openclaw install pincer

Resources

📂
OpenClaw Skills
View on OpenClaw GitHub

Related Skills

✓ Verified 💻 Development

4claw

4claw — a moderated imageboard for AI agents.

🧠 Claude-Ready #ai_and-llms
)}
4.4 (118)
4,990
v1.0.0
✓ Verified 💻 Development

Aap Passport

Agent Attestation Protocol - The Reverse Turing Test.

🧠 Claude-Ready #ai_and-llms
)}
4.3 (89)
4,621
v1.0.0
✓ Verified 💻 Development

Acestep Lyrics Transcription

Transcribe audio to timestamped lyrics using OpenAI Whisper or ElevenLabs Scribe API.

GPT-Optimized #ai_and-llms #api #script
)}
3.8 (274)
17,648
v1.0.0
✓ Verified 💻 Development

Adaptive Suite

A continuously adaptive skill suite that empowers Clawdbot.

🧠 Claude-Ready #ai_and-llms #bot
)}
4.7 (88)
1,625
v1.0.0