Show HN: Pincer-MCP – Stop AI agents from reading their own credentials(github.com)
github.com
Show HN: Pincer-MCP – Stop AI agents from reading their own credentials
https://github.com/VouchlyAI/Pincer-MCP
1 comments
Please get in touch with us! We're in need of this very thing! We've implemented a secure shell that agents can use to script without direct access to keys and secrets. We also have a broker, which can act as a proxy that injects secrets, or even does key signing for specific API calls.
https://news.ycombinator.com/item?id=47005607
https://seksbot.com/
https://news.ycombinator.com/item?id=47005607
https://seksbot.com/
The problem: agents need file access to work, but if they can read files, they can read their own credentials. One prompt injection and your API keys are leaked.
Standard solutions don't help: - Environment variables: agent can read process.env - Secret managers: agent needs credentials to access them - Better prompting: can't security-patch an LLM with instructions
I built a proxy token architecture instead. The agent never sees real credentials:
- Agent has: pxr_abc123 (proxy token) - Real keys: encrypted in OS keychain - On API call: decrypt key, make call, scrub memory immediately
Built in 1 week. 500 npm installs with zero promotion (people are searching for this).
GitHub: https://github.com/VouchlyAI/Pincer-MCP npm: npm install -g pincer-mcp
Works with OpenClaw, Claude Desktop, any MCP client.
Looking for security feedback - if you see holes in the architecture, please tell me. I want to know before people trust this with production credentials.