Calculator Chat

This skill mostly does what it promises (type numeric codes into your system calculator), but exercise caution before installing: - Mismatched requirements: The skill's metadata requires gnome-calculator even though it includes Windows and macOS code. If you're on macOS/Windows this requirement is incorrect and may indicate sloppy packaging. - Shell/PowerShell execution: The code writes a temporary PowerShell script and executes it with ExecutionPolicy Bypass, and it uses execSync with interpolated command strings in places. Those patterns increase the risk of command injection if inputs are not strictly validated. - Input validation is inconsistent: The Linux Python helper validates allowed characters, but the Windows path constructs and executes a script that accepts the number parameter without the same explicit sanitization. That discrepancy is the main practical risk. Before installing, ask the publisher or check the code to ensure: 1) The metadata is corrected for cross-platform usage (don't require gnome-calculator on Windows/macOS). 2) All command invocations use safe argument arrays (no shell interpolation) or properly escape/validate values on every platform. 3) The Windows PowerShell flow enforces the same safe-character policy as the Linux Python helper (reject any input containing characters outside 0-9 and + - * / . ( ) and reasonable length limits). If the author confirms fixes (or you review and harden the code locally) this skill is reasonable for local usage. If you cannot verify those fixes, avoid installing it on sensitive systems because of the script-execution and shell-exec risks.

These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.