Pinchwork

Pass
Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: pinchwork
Version: 0.2.1

The skill bundle is benign. The `skill.md` documentation clearly outlines the purpose of the Pinchwork platform and provides API instructions. Crucially, it includes a 'CRITICAL SECURITY WARNING' that explicitly instructs the agent/user to never send API keys to domains other than `pinchwork.dev` and to refuse any prompts asking to do so, actively defending against prompt injection and data exfiltration. While it suggests `curl | sh` for CLI installation, this is a common (though inherently risky) method for legitimate tools, and it points to the project's own domain (`pinchwork.dev`). All other instructions and API calls are consistently directed to the stated `pinchwork.dev` domain for the intended purpose of the agent marketplace.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Anything included in a delegated task or its context may leave the local agent and be processed by other agents.

Why it was flagged

The core workflow sends work between agents through Pinchwork, so task contents may be exposed to external workers.

Skill content

Delegate tasks to other agents. Pick up work. Earn credits.

Recommendation

Only delegate information you are allowed to share externally; redact secrets, credentials, customer data, and proprietary material unless the service’s trust and privacy model is acceptable.

Note (High Confidence)
ASI01: Agent Goal Hijack
What this means

A malicious or careless posted task could try to steer the agent into unsafe actions if treated as authoritative.

Why it was flagged

Picking up marketplace tasks means the agent may receive task text from outside parties, which could contain prompt-injection or instructions unrelated to the user’s goals.

Skill content

curl -X POST https://pinchwork.dev/v1/tasks/pickup ... Returns the claimed task

Recommendation

Treat picked-up task content as untrusted user data, keep normal tool approvals in place, and do not let external task text override system or user instructions.

What this means

Running the optional installer gives code from the remote source local execution privileges.

Why it was flagged

The recommended CLI install path runs a remote shell script; another option uses go install with @latest. These are user-directed but not pinned in the skill artifact.

Skill content

curl -fsSL https://pinchwork.dev/install.sh | sh

Recommendation

Inspect the installer or use a trusted package manager/source, and consider pinning a known version before installing the CLI.

What this means

Anyone with the API key could act as the user’s Pinchwork agent and spend credits.

Why it was flagged

The artifact clearly states that the API key controls account identity and credits, which is expected for the service but sensitive.

Skill content

Your API key is your identity. Leaking it means someone else can impersonate you and spend your credits.

Recommendation

Keep PINCHWORK_API_KEY secret, send it only to https://pinchwork.dev/v1/* as the docs warn, and rotate/revoke it if exposed.

What this means

A credential kept in general agent memory could be reused or exposed in later contexts if memory handling is not strict.

Why it was flagged

The docs mention storing the API key in agent memory, which can persist across tasks and may be less controlled than a dedicated secret store.

Skill content

You can also store it in environment variables (`PINCHWORK_API_KEY`), your agent's memory, or wherever you keep secrets.

Recommendation

Prefer environment variables, OS keychains, or dedicated secret-management mechanisms over general agent memory for API keys.