Calc Tool

Security checks across malware telemetry and agentic risk

Overview

This calculator skill can run arbitrary Python code through a crafted calculation, which is much broader than users would expect.

Review before installing. This does not appear intentionally malicious, but do not use it with copied, generated, or untrusted expressions until eval() is replaced with a constrained math parser or AST allowlist.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (3)

eval() call detected

High
Category: Dangerous Code Execution
Content:
    expr = expr.replace('^', '**')

    try:
        result = eval(expr)
        return result
    except Exception as e:
        raise ValueError(f"Invalid expression: {e}")
Confidence: 99%
Finding: result = eval(expr)

Context-Inappropriate Capability

High
Confidence: 99%
Finding: Although the skill is described as a calculator, it evaluates arbitrary Python expressions after superficial string replacement. This means the effective attack surface is Python code execution, not mathematical calculation, so any user supplying the expression can abuse the tool beyond its stated purpose.

Description-Behavior Mismatch

High
Confidence: 97%
Finding: There is a security-significant mismatch between the skill's declared purpose and its real behavior: a 'math calculator' that actually executes unrestricted Python expressions. In agent/tooling contexts this is especially dangerous because callers may trust it as low-risk and pass through untrusted input, leading to code execution under that false assumption.

VirusTotal

66/66 vendors flagged this skill as clean.
