Skill v0.1.5

ClawScan security

Calculator Chat · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Mar 13, 2026, 5:33 PM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill appears to implement what it claims (typing numeric messages into the system calculator), but there are mismatches and unsafe patterns that warrant caution before installing: an unconditional gnome-calculator requirement, shell/PowerShell execution with flimsy sanitization, and writing and executing temporary scripts.
Guidance
This skill mostly does what it promises (type numeric codes into your system calculator), but exercise caution before installing:

- Mismatched requirements: the skill's metadata requires gnome-calculator even though it includes Windows and macOS code. On macOS or Windows this requirement is wrong and may indicate sloppy packaging.
- Shell/PowerShell execution: the code writes a temporary PowerShell script and executes it with ExecutionPolicy Bypass, and it uses execSync with interpolated command strings in places. Those patterns raise the risk of command injection if inputs are not strictly validated.
- Inconsistent input validation: the Linux Python helper validates allowed characters, but the Windows path constructs and executes a script that accepts the number parameter without the same explicit sanitization. That discrepancy is the main practical risk.

Before installing, ask the publisher or check the code to ensure that:

1) The metadata is corrected for cross-platform use (do not require gnome-calculator on Windows or macOS).
2) All command invocations use safe argument arrays (no shell interpolation) or properly escape and validate values on every platform.
3) The Windows PowerShell flow enforces the same safe-character policy as the Linux Python helper (reject any input containing characters outside 0-9 + - * / . ( ) and apply reasonable length limits).

If the author confirms these fixes (or you review and harden the code locally), the skill is reasonable for local use. If you cannot verify them, avoid installing it on sensitive systems because of the script-execution and shell-exec risks.

Review Dimensions

Purpose & Capability
note
Overall functionality matches the description (mapping text to numbers and automating the system calculator). However, the metadata requires gnome-calculator unconditionally even though the code includes macOS and Windows implementations; that is incoherent for a cross-platform skill and would wrongly fail on non-Linux systems.
Instruction Scope
concern
Runtime instructions and code operate on system processes (pgrep/pkill), launch system apps, write and execute PowerShell scripts, and run shell commands. These actions are explained by the skill's purpose (UI automation), but the code uses execSync with interpolated command strings and writes temporary PowerShell files that are executed with ExecutionPolicy Bypass, a pattern that can amplify risks if input sanitization is incomplete.
Install Mechanism
ok
No install spec is provided (instruction-only plus included code). That minimizes supply-chain install risk, but the included code will execute system tools already on the host when invoked.
Credentials
note
No credentials or config paths are requested (good). The declared required binaries (node, python3, gnome-calculator) are mostly appropriate for the Linux path, but requiring gnome-calculator for all platforms is disproportionate for macOS/Windows.
Persistence & Privilege
ok
The skill is not force-included (always: false) and does not request persistent elevated privileges. It does execute local system commands and temporarily writes scripts, but it does not declare persistent system-wide modifications.