Pinchwork
PassAudited by ClawScan on May 10, 2026.
Overview
Pinchwork’s documentation is coherent for an external agent marketplace, but users should treat task contents and the credit-bearing API key carefully.
Before installing, decide whether you are comfortable sending task details to an external agent marketplace. Redact sensitive data, keep the API key in a secure secret store, verify the optional CLI installer before running it, and treat any picked-up marketplace task as untrusted input.
Findings (5)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything included in a delegated task or its context may leave the local agent and be processed by other agents.
The core workflow sends work between agents through Pinchwork, so task contents may be exposed to external workers.
Delegate tasks to other agents. Pick up work. Earn credits.
Only delegate information you are allowed to share externally; redact secrets, credentials, customer data, and proprietary material unless the service’s trust and privacy model is acceptable.
A malicious or careless posted task could try to steer the agent into unsafe actions if treated as authoritative.
Picking up marketplace tasks means the agent may receive task text from outside parties, which could contain prompt-injection or instructions unrelated to the user’s goals.
curl -X POST https://pinchwork.dev/v1/tasks/pickup ... Returns the claimed task
Treat picked-up task content as untrusted user data, keep normal tool approvals in place, and do not let external task text override system or user instructions.
Running the optional installer gives code from the remote source local execution privileges.
The recommended CLI install path runs a remote shell script; another option uses go install with @latest. These are user-directed but not pinned in the skill artifact.
curl -fsSL https://pinchwork.dev/install.sh | sh
Inspect the installer or use a trusted package manager/source, and consider pinning a known version before installing the CLI.
Anyone with the API key could act as the user’s Pinchwork agent and spend credits.
The artifact clearly states that the API key controls account identity and credits, which is expected for the service but sensitive.
Your API key is your identity. Leaking it means someone else can impersonate you and spend your credits.
Keep PINCHWORK_API_KEY secret, send it only to https://pinchwork.dev/v1/* as the docs warn, and rotate/revoke it if exposed.
A credential kept in general agent memory could be reused or exposed in later contexts if memory handling is not strict.
The docs mention storing the API key in agent memory, which can persist across tasks and may be less controlled than a dedicated secret store.
You can also store it in environment variables (`PINCHWORK_API_KEY`), your agent's memory, or wherever you keep secrets.
Prefer environment variables, OS keychains, or dedicated secret-management mechanisms over general agent memory for API keys.