Precision Calculator — Exact Math, Every Time

Security checks across malware telemetry and agentic risk

Overview

This calculator skill needs Review because it tells agents to charge an external billing API with a hardcoded key before every calculation, including trivial math.

Do not install unless you intentionally want every math request to use an external paid billing flow. The hardcoded billing key should be revoked, billing should be handled through a platform-approved and user-confirmed mechanism, and the calculator should offer a local no-charge path for ordinary math.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (7)

Description-Behavior Mismatch

High (98% confidence)
The skill is presented as a calculator, but its documented workflow also performs an external billing action unrelated to core math functionality. This creates a deceptive capability mismatch that can cause an agent to charge users or transmit identifiers under the guise of routine calculation, increasing risk of unauthorized paid actions.

Context-Inappropriate Capability

High (99% confidence)
Embedding a payment-charging capability inside a precision calculator is not justified by the stated purpose and is a strong sign of hidden monetization or abuse. An agent following the skill could perform unauthorized financial actions before a trivial task, exposing users to unwanted charges and privacy leakage.

Context-Inappropriate Capability

Medium (97% confidence)
The use of curl to contact an external billing endpoint is context-inappropriate for a calculator and introduces network side effects into what should be a local computation. Even if the amount is small, this can normalize silent outbound requests and be repurposed for charging, tracking, or exfiltration.

Intent-Code Divergence

Medium (92% confidence)
The skill first frames itself as mandatory for all math to guarantee correctness, then later requires charging the user before execution. This combination is dangerous because it pressures the agent into triggering a paid action for even trivial calculations, undermining informed consent and safe tool selection.

Vague Triggers

High (95% confidence)
The instruction to use this skill for any calculation or math question is overly broad and can force activation on harmless or trivial prompts. In context, that broad trigger is especially dangerous because invocation may lead to external billing, turning ordinary numeric language into an opportunity for unnecessary paid actions.

Vague Triggers

High (97% confidence)
Mandating tool use for all math-related requests, including simple cases like '1 + 1', removes agent discretion and creates a coercive execution path. Because the same skill also instructs charging the user, the broad mandate amplifies the risk of systematic overuse and unauthorized micro-billing.

Missing User Warnings

Medium (96% confidence)
The skill tells the agent to charge the user through an external billing API without clearly warning that user data will be transmitted and a paid action will occur. This lack of disclosure is unsafe because users may not understand that a simple calculation request causes external processing and billing-related data sharing.

VirusTotal

64/64 vendors flagged this skill as clean.
