Back to skill

Security audit

calculator-py

Security checks across malware telemetry and agentic risk

Overview

This is a real local calculator skill, but its expression parser can execute local shell commands despite claiming that arbitrary code execution is not possible.

Install only if you trust every expression that will be passed to the skill and run it in an isolated environment. The publisher should replace eval with a strict math parser or AST allowlist, remove exposed module/builtin escape paths, add runtime limits, and update the documentation before this is safe for untrusted agent input.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (5)

eval() call detected

High
Category
Dangerous Code Execution
Content
"np": np,
    }
    try:
        result = eval(expr, {"__builtins__": {}}, safe_ns)
        return float(result)
    except Exception as e:
        error_exit(
Confidence
95% confidence
Finding
result = eval(expr, {"__builtins__": {}}, safe_ns)

eval() call detected

High
Category
Dangerous Code Execution
Content
"mp": mpmath.mp,
    }
    try:
        result = eval(expr, {"__builtins__": {}}, safe_ns)
        return mpmath.nstr(result, precision)
    except Exception as e:
        error_exit(
Confidence
94% confidence
Finding
result = eval(expr, {"__builtins__": {}}, safe_ns)

eval() call detected

High
Category
Dangerous Code Execution
Content
"exp": math.exp,
            "abs": abs,
        }
        return eval(expr_str, {"__builtins__": {}}, ns)

    op = args.operation
    try:
Confidence
93% confidence
Finding
return eval(expr_str, {"__builtins__": {}}, ns)

eval() call detected

High
Category
Dangerous Code Execution
Content
"exp": math.exp,
            "abs": abs,
        }
        return eval(expr_str, {"__builtins__": {}}, ns)

    op = args.operation
    try:
Confidence
93% confidence
Finding
return eval(expr_str, {"__builtins__": {}}, ns)

eval() call detected

High
Category
Dangerous Code Execution
Content
"exp": math.exp,
                    "abs": abs,
                }
                return [eval(ode_expr, {"__builtins__": {}}, ns)]

            x_span = (bounds[0], bounds[1])
            x_eval = [bounds[0] + (bounds[1] - bounds[0]) * i / 20 for i in range(21)]
Confidence
93% confidence
Finding
return [eval(ode_expr, {"__builtins__": {}}, ns)]

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/calc.py:78