Pincer

v1.0.1

Security-first wrapper for installing agent skills. Scans for malware, prompt injection, and suspicious patterns before installation. Use instead of `clawhub install` for safer skill management.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan

VirusTotal: Benign
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (security wrapper for installing skills) aligns with the provided code: a shell script that fetches skills via clawhub, scans them (mcp-scan + pattern checks), and optionally installs them. The features (trust lists, audit, pattern checks, history) are implemented in the script and match the SKILL.md.
Instruction Scope
SKILL.md and the install script stay within the stated purpose: they fetch skill files, run pattern checks and mcp-scan, and then (when approved) call through to normal installation. The script reads/writes only user-scoped paths (~/.config/pincer, ~/.local/bin) and does not attempt to read unrelated system config or unrelated credentials. Note: the script depends on clawhub, uvx, jq and uses the 'file' utility — these runtime commands are used for scanning/fetching but are not all listed in the registry 'required binaries' metadata (see environment_proportionality).
Install Mechanism
Installation is a bundled shell script that the SKILL.md symlinks into ~/.local/bin. This is a low-risk, transparent install mechanism: no external arbitrary URL downloads are performed by the installer itself. The script does run uvx (mcp-scan) at runtime which may fetch plugins via the uvx tool, but that behavior is consistent with the declared mcp-scan integration.
Credentials
The skill declares no required environment variables or secrets (primary credential: none), which is appropriate. However, SKILL.md/script rely on other binaries at runtime (clawhub, uvx, jq, and likely 'file') that are not included in the registry 'required binaries' field (metadata only lists 'pincer'). This mismatch is a minor coherence issue: the runtime script will fail unless those dependencies are present, and users should be aware these tools are needed.
Persistence & Privilege
The skill does not request 'always: true' and does not modify system-wide settings. It writes per-user config and history to ~/.config/pincer and creates a symlink under ~/.local/bin, as expected for a user-level CLI. It does not attempt to persist beyond the user's home or modify other skills' configs.
Assessment
This skill is designed to add a safety layer around 'clawhub install' and its code matches that purpose. Before installing, note: (1) pincer requires clawhub, uvx (mcp-scan), jq and commonly 'file' at runtime — the registry metadata only listed 'pincer', so install those dependencies first; (2) pincer stores config/history in ~/.config/pincer and installs a pincer binary under ~/.local/bin (it will suggest adding that dir to PATH); (3) pincer runs uvx mcp-scan which may contact the uvx/Invariant tooling or download mcp-scan components — if you need fully offline scanning, verify uvx behavior first; (4) pincer reduces risk but cannot make installing arbitrary skills risk-free: it fetches skill files via clawhub and will call through to normal installs when you approve, so you should still review high-risk findings and trust lists. If you want extra assurance, inspect scripts/pincer.sh locally and test pincer in a controlled environment before using it as your default installer.

Like a lobster shell, security has layers — review code before you run it.

latest: vk977arzb5ykn78kg58rpypndph80qhm3

Runtime requirements

🦞 Clawdis
Bins: pincer
