Unpinched — PinchTab Detector

Version updated for https://github.com/Helixar-AI/Unpinched to version v0.2.0.

• This action is used across all versions by ? repositories.

Action Type

This is a Composite action.

Go to the GitHub Marketplace to find the latest changes.

Action Summary

The pinchtab-detector GitHub Action is a security tool designed to detect artifacts and indicators of PinchTab, a stealth browser hijacking toolkit that exploits the Chrome DevTools Protocol. It automates the scanning of environments for signs of unauthorized browser session control, credential theft, and agentic prompt injection, providing risk assessments to safeguard AI workflows and browser-based systems. This action is particularly valuable for mitigating advanced threats that evade traditional security measures.

Release notes

pinchtab-detector 0.2.0

Point-in-time scanner for PinchTab deployment and agentic browser bridge artifacts. Published by Helixar Labs.

Changelog

• c06f10972c5c337a3e90e46e01d48caff4a1ce59 Fix formatting in README.md for consistency
• 9ce4644fb5a2d3271dcc42a0841b3915331f7597 Initial commit: pinchtab-detector v0.1.0
• f1c2268ac6231969a2b7dc71c2fc3cc5b142eae6 feat: add GitHub Actions Marketplace action
• 39862596c1d7ee491b0bfbd3b87c62322f08d522 feat: close all PinchTab bypass vectors + update README for v0.2.0
• ae1f5b50f08523e5e487ab9f44752598ca6af775 feat: close all confirmed PinchTab bypass vectors (v0.2.0)
• 72d7b5e3c087f1e6ba47750ea32c4f10ec574082 fix: goreleaser v2 config corrections
• bd348ef3a52e2aedc3a285098d5afa977e8b4443 fix: shorten action description for Marketplace
• 85aefc1a9ae0f42434547b3ad3f32e9b38f77e66 fix: update badges and links to correct repo

• Helixar-AI
• GitHub Actions