Pinchtab Helper
Pass. Audited by VirusTotal on May 11, 2026.
Overview
Type: OpenClaw Skill
Name: pinchtab-helper
Version: 0.1.0

The skill bundle instructs the AI agent to install and execute an external browser automation tool using a high-risk 'curl | bash' command from pinchtab.com (SKILL.md). While the tool's stated purpose is efficient browser control, the promotion of unverified remote script execution and the broad capabilities granted (navigating, clicking, and capturing browser data) represent a significant security risk. There is no evidence of explicit malicious intent, but the installation pattern is a common vector for supply chain attacks.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If used on sensitive sites, the agent could submit forms, click account controls, or make changes the user did not intend.
The skill documents direct browser actions, including clicking, entering text, and submitting forms. This is central to the stated purpose, but it can affect websites and accounts.
pinchtab click e5 ... pinchtab fill e3 "搜索内容" ... pinchtab press e7 Enter
Use this only for user-directed browsing tasks, and require confirmation before purchases, logins, account changes, posts, file uploads, or other irreversible actions.
The security of the installed PinchTab tool depends on the external source and version the user installs.
The setup relies on external installers/packages/containers that are not bundled with this skill or pinned to a reviewed version.
curl -fsSL https://pinchtab.com/install.sh | bash ... npm install -g pinchtab ... docker run -d --name pinchtab ... pinchtab/pinchtab
Verify PinchTab’s source before installing, prefer pinned versions or trusted package sources, and avoid curl-to-bash if you cannot inspect the script.
Using a personal browser profile could let automation act inside already-logged-in accounts.
The skill acknowledges browser profile choice. A normal browser profile may contain logged-in sessions and cookies, giving the agent delegated account access through the browser.
Profile: it is recommended to use a dedicated automation profile
Use a separate automation browser profile with only the accounts needed for the task, and avoid using profiles with banking, admin, or other highly sensitive sessions.
Anyone with access to the exposed endpoint or the remote bridge token could control the automated browser.
The browser-control API is exposed through a local HTTP endpoint, with an optional remote bridge token. This is disclosed and purpose-aligned, but it is still a sensitive control channel.
Base URL: http://localhost:9867 ... Security: PinchTab binds only to 127.0.0.1 by default ... If remote access is needed, set BRIDGE_TOKEN
Keep the service bound to localhost, do not expose the port publicly, protect BRIDGE_TOKEN, and stop the service when not in use.
The browser automation service may remain available until the user stops it.
The setup starts PinchTab as a background process. This is expected for a browser-control service, but it may keep running after the immediate task.
pinchtab &
Start PinchTab only when needed and stop the background process after finishing browser automation tasks.
