P

Pincer

pincer

Security-first wrapper for installing agent skills. Scans for malware, prompt injection, and suspicious patterns before installation. Use instead of `clawhub install` for safer skill management.

数据来源：ClawHub。在 ClawSkills 查看

1.4k下载量

0收藏数

2浏览量

安装

选择你使用的 Agent

方法一：命令行安装（推荐）

关于 Pincer

--- name: pincer description: Security-first wrapper for installing agent skills. Scans for malware, prompt injection, and suspicious patterns before installation. Use instead of clawhub install for safer skill management. homepage: https://github.com/panzacoder/pincer metadata: openclaw: emoji: "🦞" requires: bins: ["pincer"] install: - id: symlink kind: script label: "Install pincer to PATH" script: | chmod +x "${SKILL_DIR}/scripts/pincer.sh" mkdir -p ~/.local/bin ln -sf "${SKILL_DIR}/scripts/pincer.sh" ~/.local/bin/pincer echo "" echo "✅ pincer installed!" echo "" echo "Make sure ~/.local/bin is in your PATH:" echo ' export PATH="$HOME/.local/bin:$PATH"' echo "" echo "Usage:" echo " pincer install # Safe install with scanning" echo " pincer scan # Scan without installing" echo " pincer audit # Scan all installed skills" echo "" ---

pincer 🛡️

Security-first wrapper for clawhub install. Scans skills for malware, prompt injection, and suspicious patterns before installation.

Why?

Agent skills are powerful — they're basically executable documentation. The ClawHub ecosystem has already seen malware campaigns distributing infostealers via innocent-looking skills. pincer adds a security layer before you install anything.

Install

# From ClawHub
clawhub install pincer

# Or manually
chmod +x ./scripts/pincer.sh
ln -sf "$(pwd)/scripts/pincer.sh" ~/.local/bin/pincer

Dependencies:

clawhub — for fetching skills
uvx — for mcp-scan (brew install uv)
jq — for JSON parsing

Usage

Safe Install

# Instead of: clawhub install some-skill
pincer install some-skill

# With specific version
pincer install [email protected]

Scan Without Installing

# Scan a ClawHub skill
pincer scan some-skill

# Scan a local directory
pincer scan ./path/to/skill

# JSON output for automation
pincer scan some-skill --json

Audit Installed Skills

# Quick-scan all installed skills
pincer audit

# JSON output
pincer audit --json

Manage Trust

# Add trusted publisher (auto-approve clean skills)
pincer trust add steipete

# Remove from trusted
pincer trust remove old-publisher

# Block a publisher or skill
pincer trust block suspicious-dev
pincer trust block malware-skill

# Unblock
pincer trust unblock redeemed-dev

# List all trust settings
pincer trust list

View History

# See what you've installed
pincer history

# JSON output
pincer history --json

Configuration

# Show current config
pincer config show

# Edit in $EDITOR
pincer config edit

# Reset to defaults
pincer config reset

What It Checks

Via mcp-scan (Invariant Labs)

Prompt injection attacks
Malware payloads in natural language
Tool poisoning
Sensitive data exposure
Hard-coded secrets

Additional Pattern Detection

| Pattern | Risk | Description | |---------|------|-------------| | Base64 commands | 🚨 High | Encoded shell commands | | Hex payloads | 🚨 High | Obfuscated binary data | | xattr -d quarantine | 🚨 High | macOS Gatekeeper bypass | | curl \| sh | 🚨 High | Pipe to shell execution | | Password archives | 🚨 High | Hidden malicious payloads | | Download + execute | ⚠️ Medium | chmod +x && ./ patterns | | eval $var | ⚠️ Medium | Dynamic code execution | | Hidden files | ⚠️ Medium | Dot-file creation | | Persistence | ⚠️ Medium | cron/launchd entries |

Publisher & Provenance

Publisher reputation (trusted list)
Download count threshold
Skill age threshold
Blocklist checking

Binary Detection

Scans for bundled executables
Flags Mach-O, ELF, PE32 binaries

Risk Levels

| Level | Meaning | Action | |-------|---------|--------| | ✅ CLEAN | No issues | Auto-approve if trusted publisher | | ⚠️ CAUTION | Warnings present | Prompt for approval | | 🚨 DANGER | Suspicious patterns | Block (override with --force) | | ☠️ MALWARE | Known malicious | Block (cannot override) | | ⛔ BLOCKED | On blocklist | Block (cannot override) |

Configuration

Config: ~/.config/pincer/config.json

{
  "trustedPublishers": ["openclaw", "steipete", "invariantlabs-ai"],
  "blockedPublishers": [],
  "blockedSkills": [],
  "autoApprove": "clean",
  "logInstalls": true,
  "minDownloads": 0,
  "minAgeDays": 0
}

| Key | Description | |-----|-------------| | trustedPublishers | Publishers whose clean skills auto-approve | | blockedPublishers | Always block these publishers | | blockedSkills | Always block these specific skills | | autoApprove | "clean" = auto-approve clean+trusted, "never" = always prompt | | logInstalls | Log installations to history file | | minDownloads | Warn if skill has fewer downloads | | minAgeDays | Warn if skill is newer than N days |

Examples

Clean Install

$ pincer install bird
🛡️ pincer v1.0.0

  → Fetching bird from ClawHub...
  Publisher: steipete (trusted)
  Stats: 7363 downloads · 27 ★ · created 1 month ago

🛡️ pincer Scanning bird...

  → Running mcp-scan...
  ✅ mcp-scan: passed
  → Checking for suspicious patterns...
  ✅ Pattern check: passed
  → Checking external URLs...
  ✅ URL check: passed
  → Checking for bundled binaries...
  ✅ Binary check: passed

Risk Assessment:
  ✅ CLEAN — No issues detected

  → Auto-approved (clean + trusted config).
  → Installing bird...
  ✅ Installed successfully!

Dangerous Skill Blocked

$ pincer install sketchy-tool
🛡️ pincer v1.0.0

  → Fetching sketchy-tool from ClawHub...
  Publisher: newaccount (unknown)
  Stats: 12 downloads · 0 ★ · created 2 days ago

🛡️ pincer Scanning sketchy-tool...

  → Running mcp-scan...
  🚨 mcp-scan: high-risk warnings
  → Checking for suspicious patterns...
  🚨 Pattern check: suspicious patterns found
    • curl/wget piped to shell
    • macOS quarantine removal (xattr)
  → Checking external URLs...
  ⚠️ URL check: external URLs found
    • http://sketchy-domain.xyz/install
  → Checking for bundled binaries...
  ✅ Binary check: passed

Risk Assessment:
  🚨 DANGER — Suspicious patterns detected
    • mcp-scan: high-risk patterns detected
    • curl/wget piped to shell
    • macOS quarantine removal (xattr)

  ☠️ Install blocked. Use --force to override (not recommended).

Credits

mcp-scan by Invariant Labs — core security scanning
1Password Security Research — threat analysis that inspired this tool
Snyk ToxicSkills Report — ecosystem threat research

License

MIT

---

Stay safe out there. 🛡️

Prompt 示例

安装 Pincer 后，可以对 AI 说这些话来触发它

U

Help me get started with Pincer

A

Explains what Pincer does, walks through the setup, and runs a quick demo based on your current project

U

Use Pincer to security-first wrapper for installing agent skills

A

Invokes Pincer with the right parameters and returns the result directly in the conversation

U

What can I do with Pincer in my marketing & growth workflow?

A

Lists the top use cases for Pincer, with example commands for each scenario

常见问题

如何安装 Pincer？▾

将技能文件夹放到 ~/.claude/skills/pincer/ 目录（个人级，所有项目可用），或 .claude/skills/pincer/（项目级）。重启 AI 客户端后，用 /pincer 主动调用，或让 AI 根据上下文自动发现并使用。

Pincer 支持哪些 AI 平台？▾

Pincer 支持 Claude、Cursor、OpenClaw，可与这些 AI 平台无缝集成，扩展其能力。

Pincer 是免费的吗？▾

Pincer 可免费安装使用。请查阅仓库了解许可证信息。

Pincer 有什么功能？▾

Security-first wrapper for installing agent skills. Scans for malware, prompt injection, and suspicious patterns before installation. Use instead of `clawhub install` for safer skill management.

Pincer 属于哪个分类？▾

Pincer 属于「Marketing & Growth」分类，该分类的技能帮助 AI 智能体在此领域执行专业任务。

使用场景

Getting Started with Pincer→Automate Marketing & Growth Workflows with Pincer→Team Collaboration with Pincer→

Pincer

安装

关于 Pincer

pincer 🛡️

Why?

Install

Usage

Safe Install

Scan Without Installing

Audit Installed Skills

Manage Trust

View History

Configuration

What It Checks

Via mcp-scan (Invariant Labs)

Additional Pattern Detection

Publisher & Provenance

Binary Detection

Risk Levels

Configuration

Examples

Clean Install

Dangerous Skill Blocked

Credits

License

Prompt 示例

常见问题

使用场景

同类技能推荐

AdMapix

API Gateway

Mcporter

Discord