Back to skill
Skillv1.0.0
ClawScan security
Md5 Tool · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignApr 29, 2026, 6:20 PM
- Verdict
- benign
- Confidence
- high
- Model
- gpt-5-mini
- Summary
- This skill is internally consistent with its description: a small, local MD5 checksum tool that reads a file or stdin and prints the hash, with no network access or credential requests.
- Guidance
- This skill is a tiny, local MD5 calculator and appears safe: it reads the specified file or stdin and prints the hash, with no networking or credential access. Keep in mind MD5 is fast but cryptographically weak (susceptible to collisions) — prefer SHA-256 or stronger hashes for security-critical integrity or authentication tasks. As with any tool, avoid running it on sensitive files if you do not want their fingerprints exposed in logs or stdout.
Review Dimensions
- Purpose & Capability
- okName, description, and provided code match: the included scripts/md5.py reads a file or stdin and prints an MD5 hex digest. There are no unrelated env vars, binaries, or functionality requested.
- Instruction Scope
- okSKILL.md instructs running the tool on a file or via stdin and gives typical examples (producing or checking hashes). The runtime instructions do not reference other files, system credentials, or external endpoints.
- Install Mechanism
- okNo install spec present (instruction-only). The shipped script is small, plaintext Python with no downloads or extract steps, so there is no risky install activity.
- Credentials
- okThe skill requires no environment variables, credentials, or config paths — proportional to a local hashing utility.
- Persistence & Privilege
- okSkill is not always-enabled and does not request elevated or persistent privileges or modify other skills or system-wide settings.