ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Math Expression

v1.0.1

Evaluate complex Wolfram Language math expressions with exact results, high-precision numerics, and consistency verification. Use when users ask for reliable...

0· 52·0 current·0 all-time
byspan@pansuestc
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the actual behavior: the skill runs WolframKernel via the Python wolframclient to produce exact and numeric results and verify consistency. Required binaries (python3, WolframKernel) and the wolframclient dependency are appropriate and expected.
Instruction Scope
SKILL.md and the script restrict operations to Wolfram Language expressions and document a safety boundary. The script implements a blacklist of filesystem/network/process symbols and refuses expressions containing them unless --allow-unsafe is passed. Note: the blacklist is a textual heuristic and could be bypassed by obfuscation or complex Wolfram constructs; the skill correctly warns to use --allow-unsafe only in an isolated runtime.
Install Mechanism
No install spec (instruction-only); the Quick Start suggests pip installing wolframclient which is reasonable. No downloads or non-standard install targets are used.
Credentials
The skill requests no environment variables or credentials. It only requires a local WolframKernel binary and the wolframclient Python package, which are proportional to its function.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes or other skills' credentials. Autonomous invocation is allowed (platform default) but not combined with concerning privileges here.
Assessment
This skill appears to do what it says: it runs WolframKernel via wolframclient to evaluate expressions and verify numeric/exact consistency. Before installing or using it: ensure you have a trusted, local WolframKernel and the wolframclient package; do not submit untrusted expressions (the script blocks many dangerous symbols but the blacklist is a heuristic and can be evaded); avoid using --allow-unsafe unless running in a sandbox/VM; if you operate in a high-security environment, review the script and run evaluations in an isolated container.

Like a lobster shell, security has layers — review code before you run it.

latestvk97ez3j8crh8h9dz7es0e8p6c983hswv

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

OSLinux · macOS · Windows
Binspython3, WolframKernel

Comments