pipelock

Verified·Scanned 2/18/2026

Provides a local HTTP proxy pipelock that scans outbound requests for API-key leaks, SSRF, prompt injection, and DLP. The skill includes explicit CLI examples (brew install, go install, pipelock run --config pipelock.yaml, curl "http://localhost:8888/fetch?url=https://example.com/api/data") that run the binary and perform network calls.

from clawhub.ai·v3d4ab4c·2.7 KB·0 installs
Scanned from 0.1.4 at 3d4ab4c · Transparency log ↗
$ vett add clawhub.ai/luckypipewrench/pipelock

Pipelock Security Harness

Pipelock is a fetch proxy that sits between you and the internet. Every outbound HTTP request passes through a 7-layer scanner pipeline that catches API key leaks, SSRF attempts, prompt injection, and data exfiltration.

Installation

# Homebrew (macOS/Linux)
brew install luckyPipewrench/tap/pipelock

# Or Go
go install github.com/luckyPipewrench/pipelock/cmd/pipelock@latest

Quick Start

Generate a config and start the proxy:

pipelock generate config --preset balanced -o pipelock.yaml
pipelock run --config pipelock.yaml

The proxy listens on http://localhost:8888. Route your HTTP requests through it:

curl "http://localhost:8888/fetch?url=https://example.com/api/data"

Using with MCP Servers

Wrap any MCP server to scan its responses for prompt injection:

pipelock mcp proxy -- npx @modelcontextprotocol/server-filesystem /path/to/dir

What It Catches

  1. SSRF - blocks requests to internal IPs, catches DNS rebinding
  2. Domain blocklist - blocks exfiltration targets (pastebin, transfer.sh)
  3. Rate limiting - detects unusual request bursts
  4. DLP patterns - detects API keys (Anthropic, OpenAI, AWS, GitHub) in URLs and bodies
  5. Env var leaks - detects your actual env var values in outbound traffic
  6. Entropy analysis - flags high-entropy strings that look like secrets
  7. URL length limits - flags unusually long URLs suggesting exfiltration

Actions

Configure what happens when a threat is detected:

  • block - reject the request
  • strip - redact the match and forward
  • warn - log and pass through
  • ask - terminal prompt for human approval (y/N/s)

Presets

  • balanced - default, good for most setups
  • strict - blocks aggressively, tight thresholds
  • audit - detect and log only, never blocks
  • claude-code - tuned for Claude Code agent workflows
  • cursor - tuned for Cursor IDE
  • generic-agent - works with any agent framework

Workspace Integrity

Detect unauthorized changes to your workspace files:

pipelock integrity init ./workspace
pipelock integrity check ./workspace

More Info