ClawHub

Hashcheck

v1.0.0

Calculate, verify, and compare file hashes using MD5, SHA-1, SHA-256, SHA-512, and BLAKE2b. Use when asked to checksum a file, verify a download hash, compar...

0· 45·0 current·0 all-time
by@rogue-agent1
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description (file hashing, verification, comparison) matches the provided code and SKILL.md. The skill does not request unrelated binaries, credentials, or config paths. Duplicate files (top-level and scripts/) are present but both contain the same hashing logic.
Instruction Scope
SKILL.md instructs the agent to run the included Python script on user-specified files and strings. The code only reads files provided as arguments, computes hashes, and prints results; it does not access other system files, environment variables, network endpoints, or perform unexpected actions.
Install Mechanism
There is no install spec (instruction-only). The included Python scripts have zero external dependencies and use only the standard library, so no downloads or installs are required.
Credentials
The skill declares no required environment variables or credentials and the code does not read env vars or secrets. No disproportionate access to system credentials or other services is requested.
Persistence & Privilege
always:false and default autonomous invocation settings are used. The skill does not request permanent presence or modify other skills/configs. Default autonomous invocation is normal and not, by itself, a red flag here.
Assessment
This skill appears to be what it says: a local file hash/verify tool implemented with Python's standard hashlib. You can inspect the included scripts (they are short and readable) before running. Note: MD5 and SHA-1 are cryptographically weak for collision resistance—prefer SHA-256, SHA-512, or BLAKE2b when verifying authenticity. Because it reads files you provide, avoid pointing it at sensitive files unless you trust the environment. The duplicate file under scripts/ is benign (identical content) but you may want to keep only one copy to avoid confusion.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bwfhdkebmfrkhf9qpxa1djs83papd

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments