Pinchtab

Status: Pass

Audited by VirusTotal on May 12, 2026.

Overview

Type: OpenClaw Skill
Name: pinchtab
Version: 0.11.0

The 'pinchtab' skill bundle provides a comprehensive browser automation interface (CLI and HTTP API) for navigation, interaction, and data extraction. While it includes high-risk capabilities such as JavaScript evaluation (eval), file transfers, and cookie access, these are documented as disabled by default and gated by security policies. The documentation (SKILL.md, TRUST.md, and mcp.md) demonstrates high security awareness by explicitly instructing the AI agent to treat all page-derived content as untrusted data and to ignore potential prompt-injection attacks found on websites.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If enabled, the agent could help bypass bot-detection or challenge pages on websites, which may violate site rules or automate actions users did not intend.

Why it was flagged

The docs explicitly describe solving anti-bot challenges and using stealth mode. Although SKILL.md says this requires user approval, this is a high-risk browser automation capability that can bypass site protections.

Skill content

Try `POST /solve` first — it auto-detects Cloudflare Turnstile and solves it ... Verify `stealthLevel: "full"` is active

Recommendation

Keep challenge solving and stealth disabled unless the user explicitly confirms it is needed and authorized for the current site and task.

What this means

The agent may be able to view private account pages or perform account-changing actions in logged-in sessions.

Why it was flagged

The skill can reuse authenticated browser state and access cookies, which gives the agent authority to act as the logged-in user on visited sites.

Skill content

log into sites with a persistent profile ... Cookie data (`pinchtab cookies`) contains session credentials

Recommendation

Use dedicated low-privilege browser profiles, avoid personal profiles, and require explicit confirmation before purchases, deletions, account changes, or other sensitive actions.

What this means

If enabled, generated or untrusted JavaScript could read or change page state in the active browser session.

Why it was flagged

JavaScript execution in the page is a powerful capability, but the docs state it is disabled by default and requires explicit configuration.

Skill content

`pinchtab eval <expression>` Run JavaScript in the browser context ... Requires `security.allowEvaluate: true` in config. Returns 403 by default.

Recommendation

Leave evaluation disabled unless necessary, avoid the `--yolo` or guards-down preset, and review any JavaScript before running it.

What this means

Exported network logs could reveal private URLs, session tokens, or response contents if saved or shared carelessly.

Why it was flagged

Network exports can persist sensitive browsing data and tokens into files that may later be shared, reused, or exposed.

Skill content

Network exports (`pinchtab network-export`) may contain private URLs, auth tokens, and response bodies. Omit `--body` for sensitive sessions. Delete or redact export files after use.

Recommendation

Avoid exporting bodies for authenticated sessions, store exports only in safe temporary/workspace paths, and delete or redact them after use.

What this means

Browser state or page content could be exposed to another local agent, a shared server, or a remote PinchTab instance if targeting/authentication is not set carefully.

Why it was flagged

The tool can connect to protected or remote PinchTab servers and uses tokens/sessions to separate callers. Misconfiguration could send browser-control requests or page data to the wrong server.

Skill content

`PINCHTAB_TOKEN` | Authenticate CLI or MCP requests to a protected server ... `pinchtab --server http://192.168.1.50:9867 snap`

Recommendation

Prefer localhost or explicitly trusted servers, use `PINCHTAB_SESSION` or `PINCHTAB_TOKEN`, and avoid anonymous shared-tab workflows for sensitive browsing.

What this means

Installing the skill requires trusting the external PinchTab distribution channel.

Why it was flagged

The skill depends on an externally installed binary, and the submitted artifact set contains instructions and references rather than the binary source code.

Skill content

brew | formula: pinchtab/tap/pinchtab | creates binaries: pinchtab

Recommendation

Install from the official source, pin/verify the version when possible, and check release checksums or source provenance before use.

What this means

A running daemon may keep browser automation capability available after the immediate task ends.

Why it was flagged

The tool supports a background service. The docs present this as a user-directed management command, not hidden persistence.

Skill content

`pinchtab daemon` Manage the user-level background service ... `pinchtab daemon install` ... `pinchtab daemon start`

Recommendation

Only enable the daemon if needed, and stop or uninstall it when browser automation is no longer required.