Od Tool
AdvisoryAudited by Static analysis on Apr 30, 2026.
Overview
No suspicious patterns detected.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If the agent or user points the tool at a private file, that file's bytes may be exposed in the conversation output.
The script opens and reads the path supplied by the user or agent. This is expected for a file dump utility, but it means sensitive files would be printed if selected.
data=open(sys.argv[1] if len(sys.argv)>1 else sys.stdin.read(),'rb').read()
Use it only on files you intentionally want inspected, and verify the file path before running it.
The tool may fail or produce unexpected output when used according to the documented examples.
The documentation advertises multiple output modes, but the included script only prints octal bytes and does not parse these options.
- `-x`: Hexadecimal output - `-d`: Decimal output - `-c`: ASCII character display - `-A`: Select address base
Treat this as a basic octal-only dump script unless the implementation is updated to match the documentation.