calculator-py
Warn
Audited by ClawScan on May 10, 2026.
Overview
The skill is a coherent local calculator, but it uses Python eval on user-provided formulas while claiming arbitrary code cannot run.
Install only if you trust the expressions the agent will pass to it. Avoid using it on formulas copied from untrusted documents or web pages until eval is replaced with a truly restricted math parser.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A crafted formula could cause the local Python process to do more than calculate math, potentially running unintended operations on the user’s machine.
The skill directly evaluates the user/agent-supplied expression as Python code. Removing builtins narrows access but does not make eval equivalent to a purpose-built math parser, especially when callable objects and modules are exposed.
result = eval(expr, {"__builtins__": {}}, safe_ns)
Replace eval with an AST-based allowlist parser or a math-expression library that blocks attribute access, comprehensions, arbitrary calls, and module access.
Users may trust the calculator with expressions from untrusted sources because the documentation claims stronger safety than the code demonstrates.
The documentation says expressions use a restricted parser and cannot execute arbitrary code, but the implementation uses Python eval on expressions. This overstates the safety boundary users and agents may rely on.
Expressions use a restricted parser; only mathematical operators and functions are allowed, and arbitrary code cannot be executed.
Revise the documentation to accurately describe the evaluator, or implement the claimed restricted parser before advertising arbitrary-code-execution protection.
Users may get different dependency versions over time, which can affect reliability or supply-chain assurance.
The dependency installation is purpose-aligned for numerical computing, but the packages are installed without pinned versions or a lockfile in the documented setup.
pip3 install scipy mpmath
Pin supported package versions or provide a lockfile/checksums for reproducible installation.
