Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
RedPincer — AI Red Team Suite
v1.0.0
AI/LLM red team testing skill. Point at any LLM API endpoint and run automated security assessments. 160+ attack payloads across prompt injection, jailbreak,...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Suspicious
high confidence
Purpose & Capability
The declared purpose (red-team testing of LLM endpoints) matches the instructions to provide an endpoint and API key and run attacks. However, SKILL.md instructs cloning and running a GitHub project (npm ci, npm run dev) while metadata only requires node and npm — it omits git even though git clone is used. The companion autonomous tool (RedClaw) is mentioned, which expands scope and should be explicit in metadata if intended.
Instruction Scope
The SKILL.md tells users/agents to clone an external repo and run npm scripts that will execute unreviewed code. It asks for LLM endpoints and API keys (expected) but also instructs running a Next.js server with -H 0.0.0.0, which can expose a web UI and potentially keys to the network. The file claims 'All client-side — your API keys stay local' yet instructs starting server components — this is a contradictory instruction that affects where credentials live and how requests may be proxied.
Install Mechanism
No formal install spec is provided; instead SKILL.md recommends cloning https://github.com/rustyorb/pincer and running npm ci / npm run dev. That is effectively an install-from-GitHub workflow without integrity checks. Cloning and running unvetted third-party code presents a high install risk (arbitrary code executed via npm scripts).
Credentials
The skill declares no required env vars, which is consistent with an interactive UI, but it expects users to supply LLM endpoints and API keys at runtime. The SKILL.md claims keys remain local, yet running a server on 0.0.0.0 or using server-side Next.js could cause keys to be used or proxied server-side. The skill does not explain where keys are stored or whether they are ever transmitted to third parties; that lack of clarity is disproportionate to the declared 'client-side' guarantee.
Persistence & Privilege
The always flag is false and the skill does not request persistent system-level privileges. Autonomous invocation is allowed (default), which is normal; however, the companion RedClaw autonomous agent mentioned in the docs indicates potential for automated campaigns if the user later installs/uses that tool — be aware of automated attack capability, but this by itself is not an immediate privilege escalation.
What to consider before installing
This skill appears to be a red-team tool but contains several red flags you should address before running it:
1) Verify provenance — the registry entry lacks a homepage and source is 'unknown'; inspect the GitHub repo (https://github.com/rustyorb/pincer) yourself.
2) Do not run npm ci / npm run dev until you review package.json and all scripts and dependencies; run in an isolated environment (container or VM) and as a non-root user.
3) The SKILL.md uses git clone but metadata does not list git as required — ensure your environment matches actual instructions or adjust the instructions.
4) The doc claims 'all client-side' but instructs starting a Next.js server (npx next start -H 0.0.0.0) — confirm whether API keys are ever proxied server-side and avoid binding to 0.0.0.0 on untrusted networks; prefer localhost-only or a browser-only build.
5) If you must test, run initial scans (npm audit, static analysis) and host the app in a sandbox before supplying any real API keys; consider using throwaway keys or scope-limited accounts.
6) Ensure you have explicit authorization to test any target systems; this tool is for authorized testing only.
If you want a safer evaluation, provide the repository URL and package.json so the code can be reviewed for network calls, telemetry, and server-side behavior.
Like a lobster shell, security has layers — review code before you run it.
Tags: latest, llm-security, pentest, red-team, security
Runtime requirements
🦞 Clawdis
Bins: node, npm
