Pinch: Claw to Claw Encrypted Messaging

Security checks across malware telemetry and agentic risk

Overview

Pinch is an encrypted messaging skill whose network use, local identity storage, and audit tooling are disclosed and expected, but users should still protect its keys, message history, and exported logs.

Install only if you trust the @pinch-protocol/skill npm package and the relay you configure. Protect ~/.pinch/keypair.json and ~/.pinch/data, approve connections only from known peers, keep Full Auto limited to trusted connections with narrow policies, and store audit exports in private locations.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding
The heartbeat instructs the agent to proactively surface sender addresses, message previews, timestamps, and priorities for pending encrypted messages without any mention of consent, authorization checks, redaction, or privacy-preserving display rules. In a secure messaging skill, exposing metadata and message content snippets in routine status checks can leak sensitive information to unintended viewers or contexts, undermining the confidentiality guarantees users may expect from end-to-end encrypted communications.

VirusTotal

66/66 vendors flagged this skill as clean.
