Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Math Utils Native

Performs precise math calculations by executing native OS CLI tools like bc, python3, or PowerShell without relying on AI prediction.

MIT-0 · Free to use, modify, and redistribute. No attribution required.
0 · 178 · 0 current installs · 0 all-time installs
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (high confidence)
Purpose & Capability
Name/description match the implementation: it executes local CLI tools (bc, python3, PowerShell) to compute expressions. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md explicitly instructs executing local CLI commands to evaluate expressions. The shipped main.js directly interpolates the supplied expression into shell commands (execSync with a single command string) without validation or sanitization, creating a command-injection risk. The instructions do not mention input validation, sandboxing, or safety constraints.
Install Mechanism
No install spec (instruction-only + small code file). Nothing is downloaded or installed by the skill, so there is no supply-chain install risk here.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate and minimal for the stated purpose.
Persistence & Privilege
always is false and the skill does not request any special persistent or cross-skill privileges. It runs on-demand and does not modify other skills or system-wide settings.
What to consider before installing
This skill evaluates math expressions by building shell/PowerShell commands from the input and running them with execSync. That means a malicious or malformed expression can inject arbitrary shell commands on the host (e.g., expressions containing ;, $(), backticks, quotes, or other metacharacters). If you plan to install or run this skill, only do so on an isolated, non-production host or container. Prefer safer alternatives: use a dedicated math parser library (e.g., decimal.js, mathjs) or evaluate expressions in a sandboxed process. If you must keep the current approach, apply strict input validation/whitelisting (allow only digits, whitespace, parentheses, and a limited set of operators) and avoid passing user input into a shell string: use execFile/spawn with arguments or a library that evaluates expressions without invoking a shell. If you need help hardening this skill, ask for specific code changes (e.g., a sanitized evaluator or replacement with a trusted math library).
main.js:20
Shell command execution detected (child_process).
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.

Like a lobster shell, security has layers — review code before you run it.

Current version: v1.0.1
latest: vk9731wkm00cpz7110rmnrdh0yx82p5kf


SKILL.md

math-utils (Native CLI Edition)

Description

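This is a calculation skill built on the local operating system's CLI tools. Rather than relying on a large language model's predictive ability, it calls the system's native calculators (such as bc or python3 on Linux) to ensure 100% accurate calculations.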

Implementation Logic

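  1. OS Detection: Automatically identifies whether the operating system is Linux, macOS, or Windows.
  2. Native Tool Selection:
    • Linux/macOS: Prefers bc (arbitrary precision calculator), with python3 as the fallback
    • Windows: Uses PowerShell
  3. Execution: Generates the corresponding CLI command and executes it.
  4. Validation: Returns the exact result as computed by the system kernel.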

Usage

Provide a math expression directly; the skill performs the calculation in the server's local environment.

Functions

  • calculate(expression): Takes a math string (e.g. "123.45 * (67 + 8.9)") and returns the exact numeric value.

Files

2 total