Back to skill
Skillv1.0.0
ClawScan security
Math Evaluate · ClawHub's context-aware review of the artifact, metadata, and declared behavior.
Scanner verdict
BenignMar 4, 2026, 3:43 AM
- Verdict
- benign
- Confidence
- medium
- Model
- gpt-5-mini
- Summary
- This skill is internally consistent: it sends math expressions to a remote math.agentutil.net API for evaluation (no installs or credentials required), but using it sends your expressions to an external service so avoid submitting any sensitive data.
- Guidance
- This skill works by sending your math expressions and numeric data to https://math.agentutil.net for evaluation. It does not require any credentials or local installs, which is expected, but you should not send sensitive secrets (passwords, API keys, private identifiers) inside expressions or variables because they will be transmitted to a third party. The SKILL.md's claim that inputs aren't logged can't be verified here — if you need privacy, run math evaluation locally or use a trusted local library. Note the paid tier mentions a crypto payment protocol (x402/USDC on Base); if you ever choose paid features, verify the service and payment flow separately.
Review Dimensions
- Purpose & Capability
- okName/description match the behavior: the SKILL.md documents POSTing expressions and arrays to math.agentutil.net to evaluate expressions, compute statistics, and calculate percentages. There are no unrelated required binaries, env vars, or installs.
- Instruction Scope
- noteInstructions explicitly send expressions and data to an external API (math.agentutil.net) — this is consistent with the stated purpose. The SKILL.md does not instruct reading files or environment variables. However, the privacy claim ('service does not store or log input') is unverifiable in static review and the user should assume any data sent could be observed or retained by the remote service.
- Install Mechanism
- okInstruction-only skill with no install spec or code files; nothing is written to disk or executed locally during install.
- Credentials
- okNo environment variables, credentials, or config paths are requested — proportional to a simple remote math-evaluation API.
- Persistence & Privilege
- okalways is false and the skill does not declare elevated persistence or permissions. It does not request changes to other skills or system configs.