技能详情(站内镜像,无评论)
许可证:MIT-0
MIT-0 ·免费使用、修改和重新分发。无需归因。
版本:v1.0.1
统计:⭐ 0 · 1.2k · 2 current installs · 2 all-time installs
⭐ 0
安装量(当前) 2
🛡 VirusTotal :良性 · OpenClaw :良性
Package:pincer
安全扫描(ClawHub)
- VirusTotal :良性
- OpenClaw :良性
OpenClaw 评估
The skill is a coherent, security-focused wrapper around clawhub installs — its files and runtime behavior match the described purpose, with only minor metadata/dependency inconsistencies to note.
目的
The name/description (security wrapper for installing skills) align with the provided code: a shell script that fetches skills via clawhub, scans them (mcp-scan + pattern checks), and optionally installs them. The features (trust lists, audit, pattern checks, history) are implemented in the script and match the SKILL.md.
说明范围
SKILL.md and the install script stay within the stated purpose: they fetch skill files, run pattern checks and mcp-scan, and then (when approved) call through to normal installation. The script reads/writes only user-scoped paths (~/.config/pincer, ~/.local/bin) and does not attempt to read unrelated system config or unrelated credentials. Note: the script depends on clawhub, uvx, jq and uses the 'file' utility — these runtime commands are use…
安装机制
Installation is a bundled shell script that the SKILL.md symlinks into ~/.local/bin. This is a low-risk, transparent install mechanism: no external arbitrary URL downloads are performed by the installer itself. The script does run uvx (mcp-scan) at runtime which may fetch plugins via the uvx tool, but that behavior is consistent with the declared mcp-scan integration.
证书
The skill declares no required environment variables or secrets (primary credential: none), which is appropriate. However, SKILL.md/script rely on other binaries at runtime (clawhub, uvx, jq, and likely 'file') that are not included in the registry 'required binaries' field (metadata only lists 'pincer'). This mismatch is a minor coherence issue: the runtime script will fail unless those dependencies are present, and users should be aware thes…
持久
The skill does not request always: true and does not modify system-wide settings. It writes per-user config and history to ~/.config/pincer and creates a symlink under ~/.local/bin — expected for a user-level CLI. It does not attempt to persist beyond the user's home or modify other skills' configs.
综合结论
This skill is designed to add a safety layer around 'clawhub install' and its code matches that purpose. Before installing, note: (1) pincer requires clawhub, uvx (mcp-scan), jq and commonly 'file' at runtime — the registry metadata only listed 'pincer', so install those dependencies first; (2) pincer stores config/history in ~/.config/pincer and installs a pincer binary under ~/.local/bin (it will suggest adding that dir to PATH); (3) pincer …
安装(复制给龙虾 AI)
将下方整段复制到龙虾中文库对话中,由龙虾按 SKILL.md 完成安装。
请把本段交给龙虾中文库(龙虾 AI)执行:为本机安装 OpenClaw 技能「Pincer」。简介:Security-first wrapper for installing agent skills. Scans for malware, prompt i…。
请 fetch 以下地址读取 SKILL.md 并按文档完成安装:https://raw.githubusercontent.com/openclaw/skills/refs/heads/main/skills/panzacoder/pincer/SKILL.md
(来源:yingzhi8.cn 技能库)SKILL.md
---
name: pincer
description: Security-first wrapper for installing agent skills. Scans for malware, prompt injection, and suspicious patterns before installation. Use instead of `clawhub install` for safer skill management.
homepage: https://github.com/panzacoder/pincer
metadata:
openclaw:
emoji: "🦞"
requires:
bins: ["pincer"]
install:
- id: symlink
kind: script
label: "Install pincer to PATH"
script: |
chmod +x "${SKILL_DIR}/scripts/pincer.sh"
mkdir -p ~/.local/bin
ln -sf "${SKILL_DIR}/scripts/pincer.sh" ~/.local/bin/pincer
echo ""
echo "✅ pincer installed!"
echo ""
echo "Make sure ~/.local/bin is in your PATH:"
echo ' export PATH="$HOME/.local/bin:$PATH"'
echo ""
echo "Usage:"
echo " pincer install <skill> # Safe install with scanning"
echo " pincer scan <skill> # Scan without installing"
echo " pincer audit # Scan all installed skills"
echo ""
---
# pincer 🛡️
Security-first wrapper for `clawhub install`. Scans skills for malware, prompt injection, and suspicious patterns before installation.
## Why?
Agent skills are powerful — they're basically executable documentation. The ClawHub ecosystem has already seen [malware campaigns](https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub/) distributing infostealers via innocent-looking skills. pincer adds a security layer before you install anything.
## Install
```bash
# From ClawHub
clawhub install pincer
# Or manually
chmod +x ./scripts/pincer.sh
ln -sf "$(pwd)/scripts/pincer.sh" ~/.local/bin/pincer
```
**Dependencies:**
- `clawhub` — for fetching skills
- `uvx` — for mcp-scan (`brew install uv`)
- `jq` — for JSON parsing
## Usage
### Safe Install
```bash
# Instead of: clawhub install some-skill
pincer install some-skill
# With specific version
pincer install some-skill@1.2.0
```
### Scan Without Installing
```bash
# Scan a ClawHub skill
pincer scan some-skill
# Scan a local directory
pincer scan ./path/to/skill
# JSON output for automation
pincer scan some-skill --json
```
### Audit Installed Skills
```bash
# Quick-scan all installed skills
pincer audit
# JSON output
pincer audit --json
```
### Manage Trust
```bash
# Add trusted publisher (auto-approve clean skills)
pincer trust add steipete
# Remove from trusted
pincer trust remove old-publisher
# Block a publisher or skill
pincer trust block suspicious-dev
pincer trust block malware-skill
# Unblock
pincer trust unblock redeemed-dev
# List all trust settings
pincer trust list
```
### View History
```bash
# See what you've installed
pincer history
# JSON output
pincer history --json
```
### Configuration
```bash
# Show current config
pincer config show
# Edit in $EDITOR
pincer config edit
# Reset to defaults
pincer config reset
```
## What It Checks
### Via mcp-scan (Invariant Labs)
- Prompt injection attacks
- Malware payloads in natural language
- Tool poisoning
- Sensitive data exposure
- Hard-coded secrets
### Additional Pattern Detection
| Pattern | Risk | Description |
|---------|------|-------------|
| Base64 commands | 🚨 High | Encoded shell commands |
| Hex payloads | 🚨 High | Obfuscated binary data |
| `xattr -d quarantine` | 🚨 High | macOS Gatekeeper bypass |
| `curl | sh` | 🚨 High | Pipe to shell execution |
| Password archives | 🚨 High | Hidden malicious payloads |
| Download + execute | ⚠️ Medium | `chmod +x && ./` patterns |
| `eval $var` | ⚠️ Medium | Dynamic code execution |
| Hidden files | ⚠️ Medium | Dot-file creation |
| Persistence | ⚠️ Medium | cron/launchd entries |
### Publisher & Provenance
- Publisher reputation (trusted list)
- Download count threshold
- Skill age threshold
- Blocklist checking
### Binary Detection
- Scans for bundled executables
- Flags Mach-O, ELF, PE32 binaries
## Risk Levels
| Level | Meaning | Action |
|-------|---------|--------|
| ✅ **CLEAN** | No issues | Auto-approve if trusted publisher |
| ⚠️ **CAUTION** | Warnings present | Prompt for approval |
| 🚨 **DANGER** | Suspicious patterns | Block (override with `--force`) |
| ☠️ **MALWARE** | Known malicious | Block (cannot override) |
| ⛔ **BLOCKED** | On blocklist | Block (cannot override) |
## Configuration
Config: `~/.config/pincer/config.json`
```json
{
"trustedPublishers": ["openclaw", "steipete", "invariantlabs-ai"],
"blockedPublishers": [],
"blockedSkills": [],
"autoApprove": "clean",
"logInstalls": true,
"minDownloads": 0,
"minAgeDays": 0
}
```
| Key | Description |
|-----|-------------|
| `trustedPublishers` | Publishers whose clean skills auto-approve |
| `blockedPublishers` | Always block these publishers |
| `blockedSkills` | Always block these specific skills |
| `autoApprove` | `"clean"` = auto-approve clean+trusted, `"never"` = always prompt |
| `logInstalls` | Log installations to history file |
| `minDownloads` | Warn if skill has fewer downloads |
| `minAgeDays` | Warn if skill is newer than N days |
## Examples
### Clean Install
```
$ pincer install bird
🛡️ pincer v1.0.0
→ Fetching bird from ClawHub...
Publisher: steipete (trusted)
Stats: 7363 downloads · 27 ★ · created 1 month ago
🛡️ pincer Scanning bird...
→ Running mcp-scan...
✅ mcp-scan: passed
→ Checking for suspicious patterns...
✅ Pattern check: passed
→ Checking external URLs...
✅ URL check: passed
→ Checking for bundled binaries...
✅ Binary check: passed
Risk Assessment:
✅ CLEAN — No issues detected
→ Auto-approved (clean + trusted config).
→ Installing bird...
✅ Installed successfully!
```
### Dangerous Skill Blocked
```
$ pincer install sketchy-tool
🛡️ pincer v1.0.0
→ Fetching sketchy-tool from ClawHub...
Publisher: newaccount (unknown)
Stats: 12 downloads · 0 ★ · created 2 days ago
🛡️ pincer Scanning sketchy-tool...
→ Running mcp-scan...
🚨 mcp-scan: high-risk warnings
→ Checking for suspicious patterns...
🚨 Pattern check: suspicious patterns found
• curl/wget piped to shell
• macOS quarantine removal (xattr)
→ Checking external URLs...
⚠️ URL check: external URLs found
• http://sketchy-domain.xyz/install
→ Checking for bundled binaries...
✅ Binary check: passed
Risk Assessment:
🚨 DANGER — Suspicious patterns detected
• mcp-scan: high-risk patterns detected
• curl/wget piped to shell
• macOS quarantine removal (xattr)
☠️ Install blocked. Use --force to override (not recommended).
```
## Credits
- [mcp-scan](https://github.com/invariantlabs-ai/mcp-scan) by Invariant Labs — core security scanning
- [1Password Security Research](https://1password.com/blog/from-magic-to-malware-how-openclaws-agent-skills-become-an-attack-surface) — threat analysis that inspired this tool
- [Snyk ToxicSkills Report](https://snyk.io/blog/toxicskills-malicious-ai-agent-skills-clawhub/) — ecosystem threat research
## License
MIT
---
**Stay safe out there.** 🛡️