This is a security-focused MCP gateway that sits between your AI agent and external APIs like Gemini, OpenAI, Claude, and OpenRouter. Instead of storing real API keys in environment files, your agent only knows a proxy token. Pincer maps that token to the actual credential, decrypts it from your OS keychain just-in-time for the API call, then scrubs it from memory. It also handles GPG signing and decryption without exposing private keys. You'd use this if you're worried about prompt injection attacks or host compromise leaking credentials, or if you need audit logs and per-agent authorization controls for multi-tenant setups.
claude mcp add --transport stdio io.github.vouchlyai-pincer uvx pincer