ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Hash Finder

v1.0.0

Crack and identify hashes by attempting to match them against known hash databases and common plaintext values.

0· 86·0 current·0 all-time
byToolWeb@krishnakumarmahadevan-cmd
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
!
Purpose & Capability
The SKILL.md describes a network-backed hash-cracking API (references to api.mkkpro.com and toolweb.in) and pricing tiers, but the skill declares no required credentials or environment variables. If the skill actually calls a paid or authenticated external service, missing credentials is an inconsistency. No homepage or verifiable owner information is provided (source unknown).
!
Instruction Scope
The instructions and OpenAPI schema describe a /crack-hash endpoint and provide example requests/responses; they imply the agent will send supplied hashes to an external service. The SKILL.md does not document privacy, retention, or whether hashes are sent to third parties. Sending password hashes or other sensitive material to an external API without clear policy is a privacy/exfiltration risk.
Install Mechanism
This is an instruction-only skill with no install spec and no code files to be written to disk, which minimizes installation risk.
!
Credentials
No environment variables or credentials are declared even though the README mentions pricing and external service portals (portal.toolweb.in, hub.toolweb.in). Either the service is public/free (contradicted by pricing) or the skill omits required API keys — the omission is disproportionate and unexplained.
Persistence & Privilege
The skill does not request always:true, does not declare system config paths, and is user-invocable only. It does not request elevated or persistent privileges.
What to consider before installing
This skill will likely send any hashes you provide to external servers (toolweb.in / api.mkkpro.com). Before installing or using it: 1) Do not submit real user passwords or unsalted password hashes — test only with non-sensitive examples. 2) Ask the publisher for the API server URL, authentication requirements, and a privacy/retention policy. 3) Verify the service reputation (toolweb.in / mkkpro domains) and whether an API key is required (the SKILL.md lists pricing but the skill declares no credentials). 4) If you need offline cracking, prefer local tools (hashcat/john) rather than an unknown third-party API. If the publisher can confirm where requests go, whether keys are required, and provide a privacy statement, reassess; until then treat this as untrusted for sensitive data.

Like a lobster shell, security has layers — review code before you run it.

latestvk97bw4h306jpev877b3cv6z2z983897a
86downloads
0stars
1versions
Updated 4w ago
v1.0.0
MIT-0
ToolWeb@krishnakumarmahadevan-cmd
latest
Download

Overview

The Hash Finding Tool is a security utility designed to identify the plaintext values behind cryptographic hashes. By leveraging extensive hash databases and intelligent matching algorithms, this tool helps security professionals, penetration testers, and incident responders quickly determine the original values of captured or discovered hashes.

This tool supports common hash types and performs rapid lookups against curated datasets of known hash-plaintext pairs. It is ideal for password auditing, forensic analysis, breach investigation, and general security research where hash identification is required.

Whether you're validating password strength in a security assessment or recovering plaintext from discovered hashes during an incident, the Hash Finding Tool provides fast, accurate results through a simple API interface.

Usage

Request Example:

{
  "hash": "5d41402abc4b2a76b9719d911017c592"
}

Response Example:

{
  "hash": "5d41402abc4b2a76b9719d911017c592",
  "plaintext": "hello",
  "hash_type": "MD5",
  "found": true,
  "confidence": 0.99
}

Endpoints

POST /crack-hash

Description:
Attempts to crack or identify a given hash by matching it against known hash databases and common plaintext values.

Method: POST
Path: /crack-hash

Request Parameters:

NameTypeRequiredDescription
hashstringYesThe hash value to crack. Accepts MD5, SHA-1, SHA-256, and other common hash formats.

Response Schema:

The response returns a JSON object containing:

FieldTypeDescription
hashstringThe input hash that was queried.
plaintextstringThe plaintext value if a match was found; null if not found.
hash_typestringThe detected or inferred hash algorithm type (e.g., "MD5", "SHA-1", "SHA-256").
foundbooleantrue if a match was located in the database; false otherwise.
confidencenumberA confidence score between 0 and 1 indicating the likelihood of an accurate match.

Status Codes:

  • 200 OK — Hash lookup completed successfully.
  • 422 Unprocessable Entity — Validation error (e.g., missing or malformed hash parameter).

Pricing

PlanCalls/DayCalls/MonthPrice
Free550Free
Developer20500$39/mo
Professional2005,000$99/mo
Enterprise100,0001,000,000$299/mo

About

ToolWeb.in — 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.

References

  • Kong Route: https://api.mkkpro.com/security/hash-finder
  • API Docs: https://api.mkkpro.com:8008/docs

Comments

Loading comments...