PinchTab Browser Ops
Security checks across static analysis, malware telemetry, and agentic risk
Overview
This is a coherent browser-automation skill, but it gives the agent broad control over logged-in browser sessions and website actions, which users should review carefully.
Install only if you are comfortable letting the agent control a browser session. Prefer a dedicated browser profile, require confirmation before submissions or posts, manually handle login/2FA, and verify the PinchTab CLI source because it is not included or declared by the skill.
Static analysis
No static analysis findings were reported for this release.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If invoked on a logged-in site, the agent could fill forms, save drafts, submit changes, or publish content using the user's account.
This authorizes broad browser actions, including form submission and content publishing, across websites. It is purpose-aligned, but high-impact actions are not clearly bounded by site, account, reversibility, or final user-confirmation requirements.
Use when the user asks to operate websites, fill forms, publish content (for example 小红书), collect page text, or run repeatable browser workflows
Use this only with clear, task-specific instructions. Confirm before any submission, purchase, account change, public post, or other irreversible action.
The agent may act as the user on any site that the reused browser profile is already logged in to.
The skill explicitly uses the existing browser profile, which may carry logged-in sessions, cookies, and account privileges. The artifacts do not limit which accounts or sites may be used.
Reuse current running instance/profile whenever it is operable. ... Keep the instance alive for subsequent tasks and state continuity.
Run it in a dedicated browser profile or isolated session, and avoid using it with sensitive accounts unless you explicitly intend the agent to act there.
Browser sessions may remain open and reusable after the task, which can be convenient but increases exposure if the environment is shared or later misused.
The persistence is disclosed and tied to workflow continuity, but it leaves browser state and possibly logged-in sessions active after the immediate task ends.
Do not close browser instances after task completion. Keep the instance alive for subsequent tasks and state continuity.
Close the browser instance or use a disposable profile when you do not want session state preserved.
Approving eval could let the agent manipulate page internals beyond normal clicks and form fills.
The skill allows an eval escape hatch, which can execute lower-level browser logic. The explicit-approval and short-lived-use requirements reduce the risk.
Use `eval` only when explicitly approved and only for short-lived unblock; revert to normal flow immediately.
Approve eval only for a specific, understood unblock and ask the agent to explain exactly what it will run.
The reviewed artifacts do not show what PinchTab binary/version will actually run on the user's machine.
The skill's workflow depends on `pinchtab` CLI commands, but the registry metadata does not declare a required binary or provide an install/provenance path for that external tool.
Required binaries (all must exist): none ... No install spec — this is an instruction-only skill.
Install PinchTab only from a trusted source and verify the binary before allowing this skill to control browser sessions.
