xiaoyuan-calc

Pass

Audited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill
Name: xiaoyuan-calc
Version: 1.0.0

The xiaoyuan-calc skill is a legitimate mathematical assistant that interfaces with the Xiaoyuan AI API (yuanfudao.com) to solve LaTeX-formatted equations and expressions. The script `scripts/calc.py` simply forwards user input to a remote endpoint and returns the result, with no evidence of data exfiltration, malicious execution, or prompt injection.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

Math expressions, numbers, or equations entered into the calculator may be shared with the external API provider.

Why it was flagged

The script sends the supplied expression in JSON to an external Xiaoyuan/Yuanfudao API, so user-entered calculation content leaves the local environment.

Skill content

response = requests.post(url, headers=headers, data=json.dumps(data))

Recommendation

Use it for expressions you are comfortable sending to the provider, and consider adding a clear privacy note in the skill documentation.

What this means

The skill may rely on a preinstalled Python package, and users may need to resolve that dependency themselves.

Why it was flagged

The script depends on the Python requests package while the supplied install information has no install spec or dependency declaration.

Skill content

import requests

Recommendation

Declare the Python/runtime dependency explicitly or document that requests must be available from a trusted source.