Pine Assistant

Warn

Audited by ClawScan on May 10, 2026.

Overview

Pine Assistant is clear about using Pine AI, but it delegates broad, high-impact account and customer-service actions to an external service with limited visible approval, scope, and data-boundary guidance.

Install or use this only if you are comfortable with Pine AI acting on your behalf for customer-service and account tasks. Give it narrow, explicit instructions; avoid sharing unnecessary secrets; require confirmation before financial, account, booking, cancellation, dispute, or message-sending actions; and monitor or revoke Pine sessions and credentials when finished.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Pine could take actions that affect bills, subscriptions, reservations, disputes, or accounts without the user reviewing each downstream step.

Why it was flagged

The skill delegates potentially irreversible account, billing, reservation, and communication actions to an external CLI/service. The provided instructions do not show clear per-action approval, reversibility, or scope limits before Pine acts.

Skill content

handle web-based account actions, submit forms on websites, send emails or faxes on the user's behalf

Recommendation

Use this only for tasks you explicitly authorize, and require confirmation before cancellations, disputes, purchases, bookings, account changes, or messages sent on your behalf.

What this means

Personal, billing, account, reservation, or dispute information may be shared with Pine AI and with third parties contacted during the task.

Why it was flagged

The skill sends task details to an external AI service that may communicate through multiple downstream channels. The provided artifact does not define data minimization, retention, downstream disclosure, or boundary controls.

Skill content

Pine operates via phone calls, computer use (browser automation), emails, and faxes.

Recommendation

Share the minimum necessary information, avoid unnecessary secrets or sensitive records, and review Pine's privacy and data-handling terms before use.

What this means

Anyone or any process that can use those saved credentials may be able to access Pine sessions or start actions through the Pine account.

Why it was flagged

The Pine CLI stores credentials locally so the agent can operate the user's Pine account. This is expected for the integration, but it is privileged access that should be protected.

Skill content

This verifies the code and saves credentials to `~/.pine/config.json` automatically.

Recommendation

Authenticate only on trusted machines, protect `~/.pine/config.json`, and revoke or log out if you no longer want the agent to use Pine.

What this means

A Pine task may continue making calls, sending messages, or working on a request after the initial command returns.

Why it was flagged

The skill describes persistent Pine sessions and no-wait task dispatch. This appears purpose-aligned, but users should understand tasks can continue outside the immediate terminal interaction.

Skill content

Pine is a service with multiple sessions — each task runs in its own session.

Recommendation

Check active Pine sessions regularly and stop or cancel any task that is no longer desired.

What this means

The safety of the runtime behavior depends on the external Pine CLI package installed on the user's machine.

Why it was flagged

The skill depends on an external `pine` CLI / `pineai-cli` package that was not included in the reviewed artifact set. This is normal for a CLI integration, but the scanner did not inspect that package.

Skill content

requires":{"bins":["pine"]},"install":{"pip":{"package":"pineai-cli"}}

Recommendation

Install the CLI only from a trusted source and keep it updated.