Hash Generate
PassAudited by ClawScan on May 1, 2026.
Overview
This is a benign hash utility, but it sends the text or HMAC key you provide to an external service, so avoid secrets unless you explicitly consent.
This skill appears coherent and proportionate for hash and encoding tasks. Before installing or using it, remember that inputs are processed by https://hash.agentutil.net; avoid sending passwords, secrets, private keys, or confidential data unless you intentionally approve that external transfer.
Findings (1)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Anything submitted for hashing, HMAC, encoding, decoding, or identification may leave your local environment and be processed by the external service.
The skill clearly discloses that user input is sent to a third-party API; this is purpose-aligned for an API-backed hash utility, but sensitive inputs such as HMAC keys or secrets could be exposed to that service.
This skill sends user-provided input to an external API for processing. Do not send sensitive data (passwords, secrets, private keys) without explicit user consent.
Use only non-sensitive inputs by default, and require explicit confirmation before sending passwords, private keys, API tokens, or other secrets.