v1.0.0

Sha1 Tool

BenignClawScan verdict for this skill. Analyzed May 2, 2026, 9:30 PM.

Analysis

This is a simple local SHA-1 hashing utility with no credentials or network behavior, though its implementation does not fully match the documented piped-input/options behavior.

GuidanceThis skill appears safe for basic local SHA-1 hashing. Use explicit file paths, and be aware that the included script does not actually read piped input as the documentation suggests.

Findings (1)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

scripts/sha1.py

h.update(open(sys.argv[1] if len(sys.argv) > 1 else "a.txt", "rb").read())

The script reads a local file path and defaults to a.txt when no argument is supplied. That is broadly purpose-aligned for hashing files, but it does not implement the documented piped-input behavior and could hash an unintended local file if invoked without an explicit filename.

User impactIf used with piped input or without a filename, the tool may produce a hash for a local a.txt file instead of the intended input.

RecommendationInvoke it only with the exact file path you intend to hash, or update the implementation/docs to handle stdin and documented options correctly.