ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hash Generate

v1.0.0

Hash, HMAC, encode/decode, UUID generation, and hash identification.

0· 312·2 current·2 all-time
by@cutthemustard
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description align with the SKILL.md endpoints (hash, hmac, encode/decode, identify, uuid). The skill requests no unrelated binaries, env vars, or config paths.
Instruction Scope
Instructions are concrete curl calls to https://hash.agentutil.net and do not ask the agent to read local files or unrelated environment variables. However, the skill explicitly sends user-provided input to an external service — this is expected for a remote hashing API but has data-exfiltration implications for sensitive inputs.
Install Mechanism
No install spec or code files are present (instruction-only), so nothing is written to disk or installed by the skill.
Credentials
The skill requests no environment variables or credentials (proportional). One additional consideration: pricing references a paid tier using an on-chain payment protocol (x402 / USDC on Base), which implies an external payment flow or wallet interaction not handled by the skill; this is informational but may be unexpected for some users.
Persistence & Privilege
always:false and no special privileges are requested. The skill does not request permanent presence or system-level changes.
Assessment
This skill calls a third-party API (https://hash.agentutil.net) to compute hashes and encodings. Do not send passwords, private keys, or other secrets to it unless you explicitly accept the risk. Verify the service's trustworthiness (homepage, privacy policy) before using with sensitive data. Note the free tier is rate-limited (10/day) and a paid option mentions crypto payments — be cautious about any external payment flow. If you need hashing for sensitive data, consider using a local library or tool instead of an external API.

Like a lobster shell, security has layers — review code before you run it.

latestvk97c707bhhxhp6spkvgbs68a2x829w9f

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🔐 Clawdis

Comments