Back to skill
Skillv0.1.5
VirusTotal security
Calculator Chat · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 30, 2026, 5:42 AM
- Hash
- e203262a7db4250ed43ac2a6a543de9ff447fda2c135f7054ebbc3c686230278
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: calculator-chat Version: 0.1.5 The skill bundle implements cross-platform UI automation to display numbers on a system calculator, but employs several high-risk coding patterns. Key indicators include the use of 'eval()' on user-influenced strings in 'src/calculator.py' (mitigated by a character whitelist), the dynamic creation and execution of PowerShell scripts with 'ExecutionPolicy Bypass' in 'src/platform/windows.js', and the use of AppleScript for keystroke injection in 'src/platform/macos.js'. While these methods are functionally consistent with the stated purpose, they provide powerful primitives for potential abuse and represent a significant security risk if input sanitization is bypassed.
- External report
- View on VirusTotal