Security●Mid
Security toolkit for OpenClaw – scanner, hardened configs, guides
Malicious OpenClaw skill scanner, but the market for hardening OpenClaw specifically is tiny.
Solve My Problem
munnam77
103mo ago
Back to browse
GitHub Repository
You've been pinched. Now get unpinched. Find out if PinchTab is running on your host before someone else does.
11 starsGo
Unpinched – open-source PinchTab and CDP bridge detector
by Siri_D·Mar 9, 2026·1 point·0 comments
AI Analysis
●●SolidDark HorseNiche Gem
CDP-based attack detection that EDR tools miss, backed by published research.
Strengths
- •Addresses genuine blind spot in conventional endpoint security stacks
- •Single binary runs in ~3 seconds with no installation required
- •GitHub Action integration for CI deploy gating on clean scans
Weaknesses
- •Narrow scope targeting one specific attack vector only
- •Utility depends on PinchTab adoption in the wild
Category
Target Audience
Security teams and developers running AI agent frameworks with browser access
Similar To
rkhunter · chkrootkit · Lynis
Post Description
We published a free CLI tool after writing about PinchTab — a browser hijacking
technique that abuses Chrome DevTools Protocol to give attackers (or compromised
AI agents) silent access to live browser sessions. No malware signature. No process
injection. Most EDRs don't see it at all.
Unpinched is a point-in-time scanner — think nmap for PinchTab presence. Single Go binary, no install required, runs in ~3 seconds.
It checks four things: - Local ports for a PinchTab HTTP API server (with signature verification) - Running processes matching known PinchTab binary names - Unauthenticated CDP exposure on localhost:9222 - Known filesystem artifact paths across macOS, Linux, Windows
Also ships as a GitHub Action so you can gate deploys on a clean scan result.
GitHub: https://github.com/Helixar-AI/Unpinched
The underlying research on why CDP-based attacks evade conventional security stacks is here if you're curious: https://helixar.ai/press/pinchtab-stealth-browser-attacks-yo...
Happy to answer questions on the detection logic or the threat model.
Similar Projects
Security●●Solid
Open-source security scanner for MCP (Model Context Protocol) servers
MCP-specific guardrails when Claude ecosystem lacks native security scanning.
Solve My ProblemDark Horse
neuralweaves
203mo ago
Security●●Solid
VibeScan – Free client-side security scanner for AI-generated code
Client-side scanner catches hardcoded secrets in AI code—real problem, obvious solution.
Solve My ProblemNiche Gem
dbhariprakash
103mo ago
Security●●●Banger
ClawCare – Security scanner and runtime guard for AI agent skills
Catches malicious skills before they steal your AWS keys or pipe data exfiltration.
Solve My ProblemBig BrainShip It
chendev2
143mo ago
Security●●Solid
Sentinel – Open-source MCP security scanner (config, probe, container)
26 MCP-specific checks with GitHub Actions + SARIF, but confined to emerging protocol ecosystem.
Solve My ProblemNiche Gem
Siri_D
103mo ago
Security●Mid
Lateos/NPM-scan – open-source NPM supply chain scanner, v0.18.3
NPM supply chain scanner competing against Socket, Snyk, and npm audit.
Ship It
lateos-ai
1011d ago