pincer：安全的技能安装与恶意软件扫描

AI智能体脚本智能办公脚本自动化游戏脚本浏览器自动化脚本服务器脚本

pincer：安全的技能安装与恶意软件扫描 - Openclaw Skills

作者：互联网

2026-03-26

环境安装

什么是 pincer？

pincer 是开发人员利用 Openclaw Skills 的关键安全层。虽然智能体技能提供了巨大的能力，但它们也可能成为恶意软件或提示词注入攻击的载体。该工具封装了标准的安装过程，在执行任何操作之前对源代码和元数据进行深度分析。通过集成 mcp-scan 和自定义模式检测等工具，它降低了与第三方技能采用相关的风险，并保护本地环境免受恶意负载的侵害。

下载入口:https://github.com/openclaw/skills/tree/main/skills/panzacoder/pincer

安装与下载

1. ClawHub CLI

从源直接安装技能的最快方式。

npx clawhub@latest install pincer

2. 手动安装

将技能文件夹复制到以下位置之一

全局模式 ~/.openclaw/skills/ 工作区 /skills/

优先级：工作区 > 本地 > 内置

3. 提示词安装

将此提示词复制到 OpenClaw 即可自动安装。

请帮我使用 Clawhub 安装 pincer。如果尚未安装 Clawhub，请先安装（npm i -g clawhub）。

Install

pincer 应用场景

通过实时风险评估和恶意软件检测，安全地从 ClawHub 安装新技能。
审计现有的 Openclaw Skills，以识别本地库中以前未检测到的威胁或可疑更新。
在向社区发布之前，扫描本地技能开发目录以查找安全漏洞。
管理与特定发布者的信任关系，以自动化安全安装，同时拦截已知的恶意行为者。

pincer 工作原理

用户通过 pincer CLI 发起安装或扫描命令。
pincer 从 ClawHub 或本地目录获取目标技能的元数据和源代码。
它执行 mcp-scan 以检测提示词注入、工具污染和敏感数据泄露风险。
二次模式匹配引擎检查混淆的负载，如 Base64 命令、十六进制负载或已知的恶意软件传递方法。
该工具根据用户定义的信任级别和存在时长阈值，评估发布者的声誉和技能统计数据。
pincer 生成风险评估（CLEAN、CAUTION、DANGER 或 MALWARE），并根据结果继续安装或拦截操作。

pincer 配置指南

# 通过 ClawHub 安装 pincer
clawhub install pincer

# 确保已安装必要的依赖项
brew install uv jq

# 将本地 bin 添加到您的 PATH 以实现全局访问
export PATH="$HOME/.local/bin:$PATH"

pincer 数据架构与分类体系

pincer 在用户的主目录中管理其配置和历史记录，以跟踪受信任的实体和安装日志。

文件	用途
`~/.config/pincer/config.json`	存储受信任的发布者、黑名单和自动批准设置。
`~/.local/share/pincer/history.json`	所有已扫描和安装的 Openclaw Skills 的日志，用于审计和溯源。

name: pincer
description: Security-first wrapper for installing agent skills. Scans for malware, prompt injection, and suspicious patterns before installation. Use instead of `clawhub install` for safer skill management.
homepage: https://github.com/panzacoder/pincer
metadata:
  openclaw:
    emoji: "??"
    requires:
      bins: ["pincer"]
    install:
      - id: symlink
        kind: script
        label: "Install pincer to PATH"
        script: |
          chmod +x "${SKILL_DIR}/scripts/pincer.sh"
          mkdir -p ~/.local/bin
          ln -sf "${SKILL_DIR}/scripts/pincer.sh" ~/.local/bin/pincer
          echo ""
          echo "? pincer installed!"
          echo ""
          echo "Make sure ~/.local/bin is in your PATH:"
          echo '  export PATH="$HOME/.local/bin:$PATH"'
          echo ""
          echo "Usage:"
          echo "  pincer install   # Safe install with scanning"
          echo "  pincer scan      # Scan without installing"
          echo "  pincer audit            # Scan all installed skills"
          echo ""

pincer ???

Security-first wrapper for clawhub install. Scans skills for malware, prompt injection, and suspicious patterns before installation.

Why?

Agent skills are powerful — they're basically executable documentation. The ClawHub ecosystem has already seen malware campaigns distributing infostealers via innocent-looking skills. pincer adds a security layer before you install anything.

Install

# From ClawHub
clawhub install pincer

# Or manually
chmod +x ./scripts/pincer.sh
ln -sf "$(pwd)/scripts/pincer.sh" ~/.local/bin/pincer

Dependencies:

clawhub — for fetching skills
uvx — for mcp-scan (brew install uv)
jq — for JSON parsing

Usage

Safe Install

# Instead of: clawhub install some-skill
pincer install some-skill

# With specific version
pincer install some-skill@1.2.0

Scan Without Installing

# Scan a ClawHub skill
pincer scan some-skill

# Scan a local directory
pincer scan ./path/to/skill

# JSON output for automation
pincer scan some-skill --json

Audit Installed Skills

# Quick-scan all installed skills
pincer audit

# JSON output
pincer audit --json

Manage Trust

# Add trusted publisher (auto-approve clean skills)
pincer trust add steipete

# Remove from trusted
pincer trust remove old-publisher

# Block a publisher or skill
pincer trust block suspicious-dev
pincer trust block malware-skill

# Unblock
pincer trust unblock redeemed-dev

# List all trust settings
pincer trust list

View History

# See what you've installed
pincer history

# JSON output
pincer history --json

Configuration

# Show current config
pincer config show

# Edit in $EDITOR
pincer config edit

# Reset to defaults
pincer config reset

What It Checks

Via mcp-scan (Invariant Labs)

Prompt injection attacks
Malware payloads in natural language
Tool poisoning
Sensitive data exposure
Hard-coded secrets

Additional Pattern Detection

Pattern	Risk	Description
Base64 commands	?? High	Encoded shell commands
Hex payloads	?? High	Obfuscated binary data
`xattr -d quarantine`	?? High	macOS Gatekeeper bypass
`curl \| sh`	?? High	Pipe to shell execution
Password archives	?? High	Hidden malicious payloads
Download + execute	?? Medium	`chmod +x && ./` patterns
`eval $var`	?? Medium	Dynamic code execution
Hidden files	?? Medium	Dot-file creation
Persistence	?? Medium	cron/launchd entries

Publisher & Provenance

Publisher reputation (trusted list)
Download count threshold
Skill age threshold
Blocklist checking

Binary Detection

Scans for bundled executables
Flags Mach-O, ELF, PE32 binaries

Risk Levels

Level	Meaning	Action
? CLEAN	No issues	Auto-approve if trusted publisher
?? CAUTION	Warnings present	Prompt for approval
?? DANGER	Suspicious patterns	Block (override with `--force`)
?? MALWARE	Known malicious	Block (cannot override)
? BLOCKED	On blocklist	Block (cannot override)

Configuration

Config: ~/.config/pincer/config.json

{
  "trustedPublishers": ["openclaw", "steipete", "invariantlabs-ai"],
  "blockedPublishers": [],
  "blockedSkills": [],
  "autoApprove": "clean",
  "logInstalls": true,
  "minDownloads": 0,
  "minAgeDays": 0
}

Key	Description
`trustedPublishers`	Publishers whose clean skills auto-approve
`blockedPublishers`	Always block these publishers
`blockedSkills`	Always block these specific skills
`autoApprove`	`"clean"` = auto-approve clean+trusted, `"never"` = always prompt
`logInstalls`	Log installations to history file
`minDownloads`	Warn if skill has fewer downloads
`minAgeDays`	Warn if skill is newer than N days

Examples

Clean Install

$ pincer install bird
??? pincer v1.0.0

  → Fetching bird from ClawHub...
  Publisher: steipete (trusted)
  Stats: 7363 downloads · 27 ★ · created 1 month ago

??? pincer Scanning bird...

  → Running mcp-scan...
  ? mcp-scan: passed
  → Checking for suspicious patterns...
  ? Pattern check: passed
  → Checking external URLs...
  ? URL check: passed
  → Checking for bundled binaries...
  ? Binary check: passed

Risk Assessment:
  ? CLEAN — No issues detected

  → Auto-approved (clean + trusted config).
  → Installing bird...
  ? Installed successfully!

Dangerous Skill Blocked

$ pincer install sketchy-tool
??? pincer v1.0.0

  → Fetching sketchy-tool from ClawHub...
  Publisher: newaccount (unknown)
  Stats: 12 downloads · 0 ★ · created 2 days ago

??? pincer Scanning sketchy-tool...

  → Running mcp-scan...
  ?? mcp-scan: high-risk warnings
  → Checking for suspicious patterns...
  ?? Pattern check: suspicious patterns found
    ? curl/wget piped to shell
    ? macOS quarantine removal (xattr)
  → Checking external URLs...
  ?? URL check: external URLs found
    ? http://sketchy-domain.xyz/install
  → Checking for bundled binaries...
  ? Binary check: passed

Risk Assessment:
  ?? DANGER — Suspicious patterns detected
    ? mcp-scan: high-risk patterns detected
    ? curl/wget piped to shell
    ? macOS quarantine removal (xattr)

  ?? Install blocked. Use --force to override (not recommended).

Credits

mcp-scan by Invariant Labs — core security scanning
1Password Security Research — threat analysis that inspired this tool
Snyk ToxicSkills Report — ecosystem threat research

License

MIT

Stay safe out there. ???

上一篇：Aegis402 护盾：AI 智能体区块链安全 - Openclaw Skills 下一篇：2026海棠线上文学城入口-海棠文学城2026官方新链接