Sha256 Tool

Advisory

Audited by static analysis on May 3, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If invoked without an explicit file, the tool may read a local file named a.txt instead of hashing piped text.

Why it was flagged

The script reads a provided file path, or a default local file named a.txt if no argument is given. This is purpose-aligned for file hashing, but differs from the documented stdin example and could hash an unexpected local file.

Skill content

h.update(open(sys.argv[1] if len(sys.argv) > 1 else "a.txt", "rb").read())

Recommendation

Use an explicit file path when invoking the tool, and consider updating the script to support stdin or fail safely when no input is provided.

What this means

The skill may not run as documented unless the environment already provides a matching command or wrapper.

Why it was flagged

The documentation references a sha256-tool command, but no install specification explains how that command is created from the included script.

Skill content

No install spec — this is an instruction-only skill.

Recommendation

Verify the actual installed command or invoke the included Python script directly if appropriate.