Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Pinchtab Helper

v0.1.0

Controls and automates a browser: navigation, page snapshots, clicks, typing, form submission and screenshots. The PinchTab service must be installed and started beforehand.

0· 290·2 current·2 all-time
by Anonymous (@adminlove520)
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description claim (control and automate a browser via PinchTab) matches the SKILL.md: all commands and HTTP endpoints are about launching instances, navigation, snapshots, clicks, fills, and screenshots. No unrelated credentials, binaries, or config paths are requested.
Instruction Scope
Instructions are narrowly scoped to running the PinchTab CLI or calling its local HTTP API (http://localhost:9867). They do not instruct reading arbitrary host files or exporting data to third parties. However, the doc suggests using BRIDGE_TOKEN for remote access (not declared as a required env var) and instructs launching a network service — which if misconfigured could expose browser sessions and their data.
Install Mechanism
Although the skill itself has no install spec, SKILL.md explicitly suggests installing via curl -fsSL https://pinchtab.com/install.sh | bash (and alternatives like npm or Docker). Curl|bash from an unverified domain is high risk because it downloads and executes remote code. The npm and Docker alternatives are reasonable, but the guidance to run the remote install script should be treated as a red flag unless the domain and script are audited.
Credentials
The skill declares no required env vars or secrets (which is appropriate). SKILL.md mentions an optional BRIDGE_TOKEN for remote access; this token is not declared in metadata and would grant broad access if used. Users should not set or expose such tokens unless they understand the security implications.
Persistence & Privilege
The always flag is false, no install artifacts are declared, and the skill does not request modifying other skills or system-wide configs. Autonomous invocation is allowed (the default), which is expected for skills and is not flagged on its own.
Scan Findings in Context
[no_regex_findings] expected: The static regex scanner found nothing — expected because this is an instruction-only skill with no code files to analyze. Lack of findings is not evidence of safety; the SKILL.md itself contains the risky install command.
What to consider before installing
This skill appears to do what it says (drive a browser via PinchTab), but take precautions before installing or running it:
1) Do not run curl | bash from an unfamiliar domain without auditing the script; prefer official package sources (npm, Docker images you inspect, or verified GitHub releases).
2) Run PinchTab in an isolated environment (dedicated profile, VM, or container), because browser automation can access sensitive pages and credentials.
3) Ensure the service binds only to localhost, and avoid setting BRIDGE_TOKEN or exposing the service unless you fully trust and control the remote endpoint.
4) If you need to use this skill in production, verify the pinchtab binary source and the install script contents first.
If you want, I can help inspect the install script or suggest safer installation alternatives.
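Worked example, added here and not code from the ClawHub page, the scan, or the PinchTab project: it turns the install-script, localhost-binding and BRIDGE_TOKEN advice above into checks you can run before trusting the skill. It assumes you have already saved install.sh to disk and obtained a SHA-256 for it from a source you trust (nothing on this page supplies one), that your host's ss -ltn output lists the local address in the fourth column, and that 9867 is the port the report names.

```shell
#!/bin/sh
# Added example; not part of the ClawHub page or of PinchTab itself.
# Three pre-flight checks for the PinchTab Helper skill:
#   1. verify a downloaded install.sh against a SHA-256 obtained out of band,
#      instead of piping curl into bash (the hash is an assumption you supply);
#   2. confirm every listener on the PinchTab port is bound to loopback only,
#      parsing `ss -ltn` style output (header line, local address in column 4);
#   3. refuse to proceed if BRIDGE_TOKEN is set, since the report flags it as
#      an undeclared remote-access credential.

PINCHTAB_PORT=9867   # local HTTP API port quoted in the scan report

# verify_install_script FILE EXPECTED_SHA256
# Returns 0 only when FILE hashes to EXPECTED_SHA256. Execute the script
# (e.g. `sh "$FILE"`) only after this succeeds and you have read the file.
verify_install_script() {
  script=$1
  expected=$2
  actual=$(sha256sum "$script" | cut -d' ' -f1)   # macOS: shasum -a 256
  if [ "$actual" != "$expected" ]; then
    printf 'hash mismatch for %s: got %s\n' "$script" "$actual" >&2
    return 1
  fi
  return 0
}

# check_loopback_only SS_OUTPUT
# Returns 0 if every listener on PINCHTAB_PORT is bound to 127.0.0.1 or
# [::1]; returns 1 if any is bound to 0.0.0.0, *, [::] or an interface
# address, i.e. reachable from other hosts.
check_loopback_only() {
  printf '%s\n' "$1" | awk -v port="$PINCHTAB_PORT" '
    NR > 1 {
      addr = $4
      n = split(addr, parts, ":")
      p = parts[n]                                   # port is the last field
      if (p != port) next
      host = substr(addr, 1, length(addr) - length(p) - 1)
      if (host != "127.0.0.1" && host != "[::1]") bad = 1
    }
    END { exit bad ? 1 : 0 }'
}

# check_no_bridge_token
# A local-only PinchTab setup should not have BRIDGE_TOKEN in its environment.
check_no_bridge_token() {
  [ -z "${BRIDGE_TOKEN:-}" ]
}

# Typical use on a live host (not executed here):
#   verify_install_script ./install.sh "$TRUSTED_SHA256" && sh ./install.sh
#   check_loopback_only "$(ss -ltn)" || echo "PinchTab is reachable off-host" >&2
#   check_no_bridge_token || echo "BRIDGE_TOKEN is set: remote access enabled" >&2
```

The loopback check deliberately treats anything other than 127.0.0.1 or [::1] as exposed, so a bind to a LAN address or a wildcard fails closed; if PinchTab is run inside a container, run the check from the host's network namespace, where the published port actually appears.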

Like a lobster shell, security has layers — review code before you run it.

latest: vk97enxsrh6k6ajj40bvsd2jt8x82rpcq

