ClawHub

Hash Finder

Security checks across malware telemetry and agentic risk

Overview

This is a narrow hash lookup API skill, but users should treat submitted hashes as sensitive because they are sent to an external provider.

Install only if you are comfortable sending hashes you provide to the ToolWeb/mkkpro external API. Use it only for hashes you are authorized to analyze, and avoid production, regulated, incident-sensitive, or unsalted password hashes unless your organization has approved that provider and data handling.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger AbuseOverly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill explicitly describes matching submitted hashes against external hash databases but does not warn that hashes may represent sensitive authentication material or other confidential data. Transmitting such values to a third-party service can leak secrets, violate policy, and expose users to credential or privacy risks, especially if the hashes are unsalted or derived from sensitive inputs.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The operation is described only as 'Crack Hash', without any policy or scope guidance about when this capability should be invoked, what types of hashes are permitted, or what authorization and legitimate-use constraints apply. In an agent setting, this ambiguity can cause the model to invoke a hash-cracking tool for unauthorized credential recovery or other dual-use security tasks, increasing the chance of harmful or policy-violating use.

External Transmission

Medium
Category
Data Exfiltration
Content
## References

- **Kong Route:** `https://api.mkkpro.com/security/hash-finder`
- **API Docs:** `https://api.mkkpro.com:8008/docs`
Confidence
84% confidence
Finding
https://api.mkkpro.com/

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal