Hashgen

Security checks across malware telemetry and agentic risk

Overview

HashGen is a local hashing utility whose behavior is disclosed and purpose-aligned, with a privacy caveat around terminal output for sensitive inputs.

Install only if you are comfortable with a local shell-based hashing tool. Avoid passing passwords, API keys, or tokens as command-line text, especially with `hashgen all`, because input and hash values may appear in terminal history, scrollback, or logs. Prefer SHA256 or SHA512 for integrity checks; MD5 and SHA1 are included for compatibility, not strong security.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (2)

Missing User Warnings

Medium

Confidence: 90% confidence
Finding: The `all` command prints the raw user-supplied input (`Input: "$text"`) along with multiple derived hashes directly to stdout. If users supply secrets such as passwords, API keys, or tokens, those values can be exposed in terminal scrollback, shell session recordings, logs, or other captured output; in a hashing utility, that misuse is plausible enough to treat as a real information-disclosure issue.

Missing User Warnings

Medium

Confidence: 89% confidence
Finding: The `verify` command prints both the computed hash and the expected hash during verification. While it does not print the plaintext directly, it emits verification details derived from potentially sensitive input and may disclose secret-associated digest values in logs or captured output; for integrity tools used on secrets, this is a meaningful exposure risk.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal