xiaoyuan-calc
PassAudited by ClawScan on May 1, 2026.
Overview
This appears to be a normal calculator skill, but it sends entered expressions to an external Xiaoyuan/Yuanfudao calculation API.
This skill looks coherent for its calculator purpose. Before installing, be aware that calculations are handled by an external Xiaoyuan/Yuanfudao API, so do not submit private formulas, confidential numbers, or sensitive homework/work data unless you are comfortable sharing them with that service.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Math expressions, numbers, or equations entered into the calculator may be shared with the external API provider.
The script sends the supplied expression in JSON to an external Xiaoyuan/Yuanfudao API, so user-entered calculation content leaves the local environment.
response = requests.post(url, headers=headers, data=json.dumps(data))
Use it for expressions you are comfortable sending to the provider, and consider adding a clear privacy note in the skill documentation.
The skill may rely on a preinstalled Python package, and users may need to resolve that dependency themselves.
The script depends on the Python requests package while the supplied install information has no install spec or dependency declaration.
import requests
Declare the Python/runtime dependency explicitly or document that requests must be available from a trusted source.