OnlineCyberTools MCP (280+ filterable tools)

crypto_hmac

Read-onlyIdempotent

Sign and verify webhooks, API requests, or JWT tokens by generating an HMAC with a shared secret key using various hash algorithms.

Instructions

HMAC Generator (Keyed Hash). Compute an HMAC over a message using a secret key, authenticating both the content and its origin. Supports MD5, SHA-1, SHA-2 (sha224/256/384/512), SHA-3 (sha3-224/256/384/512), and RIPEMD-160; the key is read as text, hex, or base64 and the digest is returned as hex, base64, base64url, or 0x-prefixed binary. Use this when a shared secret must be involved (signing webhooks, API requests, JWT HS* signatures); use crypto_hash instead for an unkeyed digest with no secret. Runs locally on the input you provide and is rate-limited; the message and key are processed in-memory, never persisted, and never written to logs. Returns the HMAC plus hex/base64/base64url renderings and its bit length.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`text`	Yes	The message to authenticate. Interpreted as UTF-8 text.
`key`	Yes	The secret key. Decoded per keyFormat (text/hex/base64); never stored or logged.
`algorithm`	No	HMAC hash algorithm. Defaults to sha256.	sha256
`keyFormat`	No	How to decode the key string into bytes: UTF-8 text, hex, or base64.	text
`outputFormat`	No	Encoding of the returned hmac field. binary yields a 0x-prefixed hex string.	hex

Output Schema

TableJSON Schema

Name	Required	Description
`algorithm`	No	The algorithm id used (e.g. sha256).
`algorithmName`	No	Human-readable algorithm name (e.g. SHA256).
`text`	No	The input message, echoed back.
`key`	No	The input key, echoed back.
`hmac`	No	The HMAC encoded per outputFormat.
`outputFormat`	No	The output encoding that was applied.
`length`	No	HMAC length in bits.
`formats`	No	The HMAC pre-rendered in every text encoding.

Tool Definition Quality

A4.4/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations already indicate read-only, non-destructive, idempotent. Description adds rich behavioral context: local execution, rate-limited, in-memory processing, no persistence or logging, and key handling details.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

Single paragraph with dense information, front-loaded with main action. Could be improved with bullet points for readability, but not excessive.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Covers purpose, usage, behavioral notes, supported algorithms, key/output formats, and security. Output schema exists, so return details are not needed.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100% with parameter descriptions. The description adds overall context but does not significantly enhance individual parameter meaning beyond examples and return format explanation.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'HMAC Generator (Keyed Hash)' and explains it computes an HMAC for authentication. It explicitly distinguishes from crypto_hash for unkeyed digests.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

Provides explicit guidance: 'Use this when a shared secret must be involved' and 'use crypto_hash instead for an unkeyed digest with no secret', naming the alternative sibling.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Jambozx/onlinecybertools-mcp-server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server