pincerSecurity-first wrapper for installing agent skills. Scans for malware, prompt injection, and suspicious patterns before installation. Use instead of `clawhub install` for safer skill management.
Install via ClawdBot CLI:
clawdbot install panzacoder/pincerSecurity-first wrapper for clawhub install. Scans skills for malware, prompt injection, and suspicious patterns before installation.
Agent skills are powerful โ they're basically executable documentation. The ClawHub ecosystem has already seen malware campaigns distributing infostealers via innocent-looking skills. pincer adds a security layer before you install anything.
# From ClawHub
clawhub install pincer
# Or manually
chmod +x ./scripts/pincer.sh
ln -sf "$(pwd)/scripts/pincer.sh" ~/.local/bin/pincerDependencies:
clawhub โ for fetching skillsuvx โ for mcp-scan (brew install uv)jq โ for JSON parsing# Instead of: clawhub install some-skill
pincer install some-skill
# With specific version
pincer install some-skill@1.2.0# Scan a ClawHub skill
pincer scan some-skill
# Scan a local directory
pincer scan ./path/to/skill
# JSON output for automation
pincer scan some-skill --json# Quick-scan all installed skills
pincer audit
# JSON output
pincer audit --json# Add trusted publisher (auto-approve clean skills)
pincer trust add steipete
# Remove from trusted
pincer trust remove old-publisher
# Block a publisher or skill
pincer trust block suspicious-dev
pincer trust block malware-skill
# Unblock
pincer trust unblock redeemed-dev
# List all trust settings
pincer trust list# See what you've installed
pincer history
# JSON output
pincer history --json# Show current config
pincer config show
# Edit in $EDITOR
pincer config edit
# Reset to defaults
pincer config reset| Pattern | Risk | Description |
|---------|------|-------------|
| Base64 commands | ๐จ High | Encoded shell commands |
| Hex payloads | ๐จ High | Obfuscated binary data |
| xattr -d quarantine | ๐จ High | macOS Gatekeeper bypass |
| curl \| sh | ๐จ High | Pipe to shell execution |
| Password archives | ๐จ High | Hidden malicious payloads |
| Download + execute | โ ๏ธ Medium | chmod +x && ./ patterns |
| eval $var | โ ๏ธ Medium | Dynamic code execution |
| Hidden files | โ ๏ธ Medium | Dot-file creation |
| Persistence | โ ๏ธ Medium | cron/launchd entries |
| Level | Meaning | Action |
|-------|---------|--------|
| โ CLEAN | No issues | Auto-approve if trusted publisher |
| โ ๏ธ CAUTION | Warnings present | Prompt for approval |
| ๐จ DANGER | Suspicious patterns | Block (override with --force) |
| โ ๏ธ MALWARE | Known malicious | Block (cannot override) |
| โ BLOCKED | On blocklist | Block (cannot override) |
Config: ~/.config/pincer/config.json
{
"trustedPublishers": ["openclaw", "steipete", "invariantlabs-ai"],
"blockedPublishers": [],
"blockedSkills": [],
"autoApprove": "clean",
"logInstalls": true,
"minDownloads": 0,
"minAgeDays": 0
}| Key | Description |
|-----|-------------|
| trustedPublishers | Publishers whose clean skills auto-approve |
| blockedPublishers | Always block these publishers |
| blockedSkills | Always block these specific skills |
| autoApprove | "clean" = auto-approve clean+trusted, "never" = always prompt |
| logInstalls | Log installations to history file |
| minDownloads | Warn if skill has fewer downloads |
| minAgeDays | Warn if skill is newer than N days |
$ pincer install bird
๐ก๏ธ pincer v1.0.0
โ Fetching bird from ClawHub...
Publisher: steipete (trusted)
Stats: 7363 downloads ยท 27 โ
ยท created 1 month ago
๐ก๏ธ pincer Scanning bird...
โ Running mcp-scan...
โ
mcp-scan: passed
โ Checking for suspicious patterns...
โ
Pattern check: passed
โ Checking external URLs...
โ
URL check: passed
โ Checking for bundled binaries...
โ
Binary check: passed
Risk Assessment:
โ
CLEAN โ No issues detected
โ Auto-approved (clean + trusted config).
โ Installing bird...
โ
Installed successfully!$ pincer install sketchy-tool
๐ก๏ธ pincer v1.0.0
โ Fetching sketchy-tool from ClawHub...
Publisher: newaccount (unknown)
Stats: 12 downloads ยท 0 โ
ยท created 2 days ago
๐ก๏ธ pincer Scanning sketchy-tool...
โ Running mcp-scan...
๐จ mcp-scan: high-risk warnings
โ Checking for suspicious patterns...
๐จ Pattern check: suspicious patterns found
โข curl/wget piped to shell
โข macOS quarantine removal (xattr)
โ Checking external URLs...
โ ๏ธ URL check: external URLs found
โข http://sketchy-domain.xyz/install
โ Checking for bundled binaries...
โ
Binary check: passed
Risk Assessment:
๐จ DANGER โ Suspicious patterns detected
โข mcp-scan: high-risk patterns detected
โข curl/wget piped to shell
โข macOS quarantine removal (xattr)
โ ๏ธ Install blocked. Use --force to override (not recommended).MIT
Stay safe out there. ๐ก๏ธ
Generated Mar 1, 2026
Large organizations deploying AI agents across departments use Pincer to vet third-party skills before installation, preventing malware and prompt injection attacks that could compromise sensitive data. It integrates into CI/CD pipelines to scan skills from internal repositories, ensuring compliance with security policies and reducing risk from supply chain attacks.
Software development teams incorporate Pincer into their workflow to safely install and audit AI agent skills for coding assistants, automating security checks during skill updates. This prevents malicious code execution in development environments, protecting intellectual property and maintaining code integrity across collaborative projects.
Educational institutions using AI agents for teaching and research employ Pincer to scan skills from public repositories, blocking dangerous patterns like base64-encoded commands. It helps educators maintain a secure learning environment by auditing installed skills regularly and managing trusted publishers to prevent student exposure to risks.
Healthcare providers leveraging AI agents for patient data analysis use Pincer to ensure skills do not contain malware or data exfiltration payloads, complying with regulations like HIPAA. It scans for hard-coded secrets and suspicious patterns, enabling safe installation of skills that handle sensitive medical information without compromising privacy.
Startups building AI-powered products integrate Pincer to securely manage agent skills from ClawHub, scanning for threats before deployment to production. This minimizes security incidents, builds user trust by preventing prompt injection attacks, and allows rapid iteration with automated audits of skill dependencies.
Offer Pincer as a free open-source tool for basic scanning, with premium features like advanced threat intelligence, real-time blocklist updates, and enterprise support for a subscription fee. Revenue is generated from corporate licenses, custom integrations, and priority support for high-risk industries.
Provide consulting services to organizations for integrating Pincer into their AI agent ecosystems, including custom configuration, training, and ongoing security audits. Revenue comes from project-based fees, retainer agreements, and tailored security assessments for specific use cases.
Partner with AI agent marketplaces like ClawHub to offer Pincer as a built-in security layer, earning revenue through revenue-sharing agreements or licensing fees per scan. This model leverages existing user bases to drive adoption and monetize via transaction-based or flat-rate partnerships.
๐ฌ Integration Tip
Integrate Pincer early in the development lifecycle by adding it to pre-commit hooks or CI/CD pipelines to automate skill scanning before deployment, ensuring consistent security checks across all environments.
Transform AI agents from task-followers into proactive partners that anticipate needs and continuously improve. Now with WAL Protocol, Working Buffer, Autonomous Crons, and battle-tested patterns. Part of the Hal Stack ๐ฆ
Use the ClawdHub CLI to search, install, update, and publish agent skills from clawdhub.com. Use when you need to fetch new skills on the fly, sync installed skills to latest or a specific version, or publish new/updated skill folders with the npm-installed clawdhub CLI.
Clawdbot documentation expert with decision tree navigation, search scripts, doc fetching, version tracking, and config snippets for all Clawdbot features
Interact with Moltbook social network for AI agents. Post, reply, browse, and analyze engagement. Use when the user wants to engage with Moltbook, check their feed, reply to posts, or track their activity on the agent social network.
OpenClaw CLI wrapper โ gateway, channels, models, agents, nodes, browser, memory, security, automation.
MoltGuard โ runtime security plugin for OpenClaw agents by OpenGuardrails. Helps users install, register, activate, and check the status of MoltGuard. Use wh...