SkillJavaScriptv1.0.1
pincer
Security-first wrapper for installing agent skills.
3 downloads
panzacoder
Updated Feb 7, 2026pincer ๐ก๏ธ
Security-first wrapper for clawhub install. Scans skills for malware, prompt injection, and suspicious patterns before installation.
Why?
Agent skills are powerful โ they're basically executable documentation. The ClawHub ecosystem has already seen malware campaigns distributing infostealers via innocent-looking skills. pincer adds a security layer before you install anything.
Install
# From ClawHub
clawhub install pincer
# Or manually
chmod +x ./scripts/pincer.sh
ln -sf "$(pwd)/scripts/pincer.sh" ~/.local/bin/pincer
Dependencies:
clawhubโ for fetching skillsuvxโ for mcp-scan (brew install uv)jqโ for JSON parsing
Usage
Safe Install
# Instead of: clawhub install some-skill
pincer install some-skill
# With specific version
pincer install some-skill@1.2.0
Scan Without Installing
# Scan a ClawHub skill
pincer scan some-skill
# Scan a local directory
pincer scan ./path/to/skill
# JSON output for automation
pincer scan some-skill --json
Audit Installed Skills
# Quick-scan all installed skills
pincer audit
# JSON output
pincer audit --json
Manage Trust
# Add trusted publisher (auto-approve clean skills)
pincer trust add steipete
# Remove from trusted
pincer trust remove old-publisher
# Block a publisher or skill
pincer trust block suspicious-dev
pincer trust block malware-skill
# Unblock
pincer trust unblock redeemed-dev
# List all trust settings
pincer trust list
View History
# See what you've installed
pincer history
# JSON output
pincer history --json
Configuration
# Show current config
pincer config show
# Edit in $EDITOR
pincer config edit
# Reset to defaults
pincer config reset
What It Checks
Via mcp-scan (Invariant Labs)
- Prompt injection attacks
- Malware payloads in natural language
- Tool poisoning
- Sensitive data exposure
- Hard-coded secrets
Additional Pattern Detection
| Pattern | Risk | Description |
|---|---|---|
| Base64 commands | ๐จ High | Encoded shell commands |
| Hex payloads | ๐จ High | Obfuscated binary data |
xattr -d quarantine | ๐จ High | macOS Gatekeeper bypass |
curl | sh | ๐จ High | Pipe to shell execution |
| Password archives | ๐จ High | Hidden malicious payloads |
| Download + execute | โ ๏ธ Medium | chmod +x && ./ patterns |
eval $var | โ ๏ธ Medium | Dynamic code execution |
| Hidden files | โ ๏ธ Medium | Dot-file creation |
| Persistence | โ ๏ธ Medium | cron/launchd entries |
Publisher & Provenance
- Publisher reputation (trusted list)
- Download count threshold
- Skill age threshold
- Blocklist checking
Binary Detection
- Scans for bundled executables
- Flags Mach-O, ELF, PE32 binaries
Risk Levels
| Level | Meaning | Action |
|---|---|---|
| โ CLEAN | No issues | Auto-approve if trusted publisher |
| โ ๏ธ CAUTION | Warnings present | Prompt for approval |
| ๐จ DANGER | Suspicious patterns | Block (override with --force) |
| โ ๏ธ MALWARE | Known malicious | Block (cannot override) |
| โ BLOCKED | On blocklist | Block (cannot override) |
Configuration
Config: ~/.config/pincer/config.json
{
"trustedPublishers": ["openclaw", "steipete", "invariantlabs-ai"],
"blockedPublishers": [],
"blockedSkills": [],
"autoApprove": "clean",
"logInstalls": true,
"minDownloads": 0,
"minAgeDays": 0
}
| Key | Description |
|---|---|
trustedPublishers | Publishers whose clean skills auto-approve |
blockedPublishers | Always block these publishers |
blockedSkills | Always block these specific skills |
autoApprove | "clean" = auto-approve clean+trusted, "never" = always prompt |
logInstalls | Log installations to history file |
minDownloads | Warn if skill has fewer downloads |
minAgeDays | Warn if skill is newer than N days |
Examples
Clean Install
$ pincer install bird
๐ก๏ธ pincer v1.0.0
โ Fetching bird from ClawHub...
Publisher: steipete (trusted)
Stats: 7363 downloads ยท 27 โ
ยท created 1 month ago
๐ก๏ธ pincer Scanning bird...
โ Running mcp-scan...
โ
mcp-scan: passed
โ Checking for suspicious patterns...
โ
Pattern check: passed
โ Checking external URLs...
โ
URL check: passed
โ Checking for bundled binaries...
โ
Binary check: passed
Risk Assessment:
โ
CLEAN โ No issues detected
โ Auto-approved (clean + trusted config).
โ Installing bird...
โ
Installed successfully!
Dangerous Skill Blocked
$ pincer install sketchy-tool
๐ก๏ธ pincer v1.0.0
โ Fetching sketchy-tool from ClawHub...
Publisher: newaccount (unknown)
Stats: 12 downloads ยท 0 โ
ยท created 2 days ago
๐ก๏ธ pincer Scanning sketchy-tool...
โ Running mcp-scan...
๐จ mcp-scan: high-risk warnings
โ Checking for suspicious patterns...
๐จ Pattern check: suspicious patterns found
โข curl/wget piped to shell
โข macOS quarantine removal (xattr)
โ Checking external URLs...
โ ๏ธ URL check: external URLs found
โข http://sketchy-domain.xyz/install
โ Checking for bundled binaries...
โ
Binary check: passed
Risk Assessment:
๐จ DANGER โ Suspicious patterns detected
โข mcp-scan: high-risk patterns detected
โข curl/wget piped to shell
โข macOS quarantine removal (xattr)
โ ๏ธ Install blocked. Use --force to override (not recommended).
Credits
- mcp-scan by Invariant Labs โ core security scanning
- 1Password Security Research โ threat analysis that inspired this tool
- Snyk ToxicSkills Report โ ecosystem threat research
License
MIT
Stay safe out there. ๐ก๏ธ