Skill v1.0.1

ClawScan security

Pincer · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Feb 11, 2026, 9:19 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill is a coherent, security-focused wrapper around clawhub installs — its files and runtime behavior match the described purpose, with only minor metadata/dependency inconsistencies to note.
Guidance
This skill is designed to add a safety layer around 'clawhub install', and its code matches that purpose. Before installing, note:
(1) pincer requires clawhub, uvx (for mcp-scan), jq and commonly 'file' at runtime; the registry metadata only lists 'pincer', so install those dependencies first.
(2) pincer stores config and history in ~/.config/pincer and installs a pincer binary under ~/.local/bin (it will suggest adding that directory to PATH).
(3) pincer runs uvx mcp-scan, which may contact the uvx/Invariant tooling or download mcp-scan components; if you need fully offline scanning, verify uvx behavior first.
(4) pincer reduces risk but cannot make installing arbitrary skills risk-free: it fetches skill files via clawhub and calls through to the normal install when you approve, so you should still review high-risk findings and your trust lists.
If you want extra assurance, inspect scripts/pincer.sh locally and test pincer in a controlled environment before using it as your default installer.
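The guidance above amounts to a short preflight: confirm the runtime commands the scanner found pincer calling are present, confirm ~/.local/bin is on PATH, and link the script without clobbering anything already there. The following POSIX sh script is an added example written for this page; it is not pincer's own code or the SKILL.md install step. The dependency list is taken from the verdict text, the ~/.local/bin location from the review, and link_into_bin is a hypothetical helper that mirrors the symlink install the review describes while refusing to overwrite a real file.

```shell
#!/bin/sh
# Added example, not pincer's or ClawHub's own code: a preflight for the points
# the scanner verdict raises before adopting pincer as the default installer.
# Assumptions: PINCER_DEPS is the list named in the verdict, the bin dir is the
# ~/.local/bin the review mentions, and link_into_bin is a hypothetical helper.

# Runtime commands the review found pincer calling (registry metadata lists only 'pincer').
PINCER_DEPS="clawhub uvx jq file"

# Print the space-separated names from "$1" that are not resolvable on PATH.
missing_commands() {
    missing=""
    for cmd in $1; do
        command -v "$cmd" >/dev/null 2>&1 || missing="$missing $cmd"
    done
    printf '%s\n' "${missing# }"
}

# Succeed when directory "$2" is an exact entry of the colon-separated path list "$1"
# (substring matches such as ~/.local/binx must not count).
path_has_dir() {
    case ":$1:" in
        *":$2:"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# Symlink script "$1" into bin dir "$2" under its own basename, refusing to
# overwrite anything that is not already a symlink: silently replacing a real
# binary in the user's bin dir is the failure mode worth catching.
link_into_bin() {
    src="$1"; bindir="$2"
    target="$bindir/$(basename "$src")"
    if [ -e "$target" ] && [ ! -L "$target" ]; then
        printf 'refusing to replace non-symlink %s\n' "$target" >&2
        return 1
    fi
    abs_src="$(cd "$(dirname "$src")" && pwd)/$(basename "$src")"
    mkdir -p "$bindir" && ln -sfn "$abs_src" "$target"
}

# Run every check and report on stderr; returns 1 if any of them fails.
preflight() {
    status=0
    missing=$(missing_commands "$PINCER_DEPS")
    if [ -n "$missing" ]; then
        printf 'missing runtime dependencies: %s\n' "$missing" >&2
        status=1
    fi
    if ! path_has_dir "$PATH" "$HOME/.local/bin"; then
        printf '%s is not on PATH; pincer links its binary there\n' "$HOME/.local/bin" >&2
        status=1
    fi
    return $status
}

# Usage: sh preflight.sh run   (without "run" the file only defines the functions)
if [ "${1:-}" = "run" ]; then
    preflight
fi
```

The PATH test deliberately matches whole entries rather than substrings, and the link helper resolves the script to an absolute path so the symlink keeps working when the shell's working directory changes.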

Review Dimensions

Purpose & Capability
ok: The name and description (security wrapper for installing skills) align with the provided code: a shell script that fetches skills via clawhub, scans them (mcp-scan plus pattern checks), and optionally installs them. The features (trust lists, audit, pattern checks, history) are implemented in the script and match the SKILL.md.
Instruction Scope
note: SKILL.md and the install script stay within the stated purpose: they fetch skill files, run pattern checks and mcp-scan, and then (when approved) call through to normal installation. The script reads and writes only user-scoped paths (~/.config/pincer, ~/.local/bin) and does not attempt to read unrelated system config or unrelated credentials. Note: the script depends on clawhub, uvx, jq and uses the 'file' utility; these runtime commands are used for scanning and fetching but are not all listed in the registry 'required binaries' metadata (see environment_proportionality).
Install Mechanism
ok: Installation is a bundled shell script that the SKILL.md symlinks into ~/.local/bin. This is a low-risk, transparent install mechanism: the installer itself performs no downloads from arbitrary external URLs. The script does run uvx (mcp-scan) at runtime, which may fetch components via the uvx tool, but that behavior is consistent with the declared mcp-scan integration.
Credentials
note: The skill declares no required environment variables or secrets (primary credential: none), which is appropriate. However, SKILL.md and the script rely on other binaries at runtime (clawhub, uvx, jq, and likely 'file') that are not included in the registry 'required binaries' field (metadata only lists 'pincer'). This mismatch is a minor coherence issue: the runtime script will fail unless those dependencies are present, and users should be aware these tools are needed.
Persistence & Privilege
ok: The skill does not request 'always: true' and does not modify system-wide settings. It writes per-user config and history to ~/.config/pincer and creates a symlink under ~/.local/bin, as expected for a user-level CLI. It does not attempt to persist beyond the user's home or modify other skills' configs.