You're always in control. Pinchr gives you powerful tools to monitor, restrict, and approve your AI assistant's actions.
Pinchr is powered by OpenClaw, an open-source AI agent engine. Pinchr inherits OpenClaw's security model — understanding it is essential before granting your agent access to your system.
Comprehensive threat model covering prompt injection, data exfiltration, and more.
Security policies, vulnerability disclosure, and trust documentation.
Built-in audit tools for monitoring and reviewing agent actions.
Found a vulnerability? Report it at trust.openclaw.ai.
Pinchr runs entirely on your Mac. No data is sent to our servers. Your conversations, files, and API keys stay local. Your agent only has the permissions you grant, and you can revoke them anytime. Pinchr's security model is built on top of OpenClaw's security framework.
Your agent requests permission before performing sensitive actions. You control what it can access:
Control which folders your agent can read, write, or execute files in. You can whitelist specific directories or require approval for each operation.
Your agent can run terminal commands for git, npm, docker, and more. You can require approval for destructive commands or allow trusted operations automatically.
Control which domains and APIs your agent can contact. Useful for preventing accidental data leaks or restricting internet access entirely.
Permissions for sending messages via Slack, email, iMessage, or Discord. Require approval before sending, or trust your agent to respond on your behalf.
Let your agent interact with desktop apps — clicking, typing, opening URLs. Requires macOS Accessibility and Screen Recording permissions.
Configure permission scopes from Settings → Security → Permissions.
In Approval Mode, your agent asks permission before every action:
Approval Mode is great when you're learning how Pinchr works or working on sensitive tasks. You can enable it from Settings → Security.
If your agent does something unexpected or you want to stop all activity immediately, use the Kill Switch:
Press ⌘⇧K or click the kill switch icon in the menu bar to:
The kill switch doesn't delete any data or history — it just pauses all agent activity. You can resume by re-enabling permissions in Settings.
Every action your agent takes is logged with full details. View the audit log from Settings → Security → Audit Log:
Logs are stored locally and encrypted. You can export or clear your audit log anytime.
Watch what your agent is doing in real-time from the Activity Monitor:
See every action your agent takes as it happens — file reads, commands, network requests.
Monitor CPU, memory, and API usage. Set limits to prevent runaway costs or resource spikes.
See how long tasks take. Identify slow operations or bottlenecks in your workflows.
Get alerts if your agent behaves unusually — excessive API calls, unexpected network access, etc.
Here's what happens to your data:
Conversations, files, and agent actions are stored on your Mac. Nothing is sent to Pinchr servers.
Your Anthropic or OpenAI API keys are encrypted using macOS Keychain. They never touch our servers.
Your agent sends context to Anthropic/OpenAI APIs for reasoning. You can exclude sensitive files or folders.
We collect anonymized crash reports and feature usage (if you opt in). No personal data, file contents, or conversations.
We take security seriously. Reach out if you have questions or need help.