Xxd Tool

Pass

Audited by ClawScan on May 14, 2026.

Overview

The skill appears to be a local hex-dump helper with no credential or network behavior, but its documentation advertises features and a command setup that the included artifacts do not clearly support.

This looks safe to install from a security perspective, but treat it as a very simple hex-dump helper unless you independently confirm that reverse mode, patching, JSON output, and other advertised options are actually available.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Users may expect features that are not actually provided by the included code, which could cause failed commands or misplaced confidence during binary editing tasks.

Why it was flagged

The documentation advertises multiple advanced capabilities, including reverse conversion, patching, and JSON output, but the included Python script only reads bytes and prints a basic hex/ASCII dump. This is a capability mismatch rather than evidence of malicious behavior.

Skill content

Options: ... -r, --reverse ... --patch OFFSET:HEX ... --json

Recommendation

Verify the installed command and supported options before relying on this skill for reverse conversion, patching, or structured output.

What this means

If `xxd-tool` is not installed by this package, commands may fail or may resolve to some unrelated executable already on the system.

Why it was flagged

The skill includes a script file but does not provide an installation or command-mapping specification for the documented `xxd-tool` command, leaving some ambiguity about what executable the agent or user would invoke.

Skill content

No install spec — this is an instruction-only skill.

Recommendation

Confirm the command path or run the included script directly only after reviewing it.