Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
sq-math
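v1.0.1
Math computation skill supporting arithmetic, algebraic equations, function evaluation, calculus, and matrix calculations. When the user poses a math task such as "help me calculate this", "solve this equation", "differentiate/integrate", or "matrix operations", it prefers the bundled script for stable computation and returns the result.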
by @spzwin
MIT-0
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidence
Purpose & Capability
Name/description match the included assets: SKILL.md documents running the bundled Python script and the script implements arithmetic, equation solving, differentiation, integration, and matrix determinant. There are no unrelated binaries, env vars, or config paths requested.
Instruction Scope
SKILL.md instructs the agent to run the local script with specific CLI flags (e.g., --expr, --solve). The script only reads its CLI arguments and does not access files, network, or other system state. One caution: the script uses sympy.sympify on user-provided strings (when sympy is available)—parsing arbitrary user input can carry parser-related risks in some environments. The fallback path uses eval but with __builtins__ disabled and a restricted math-only namespace, which reduces risk.
Install Mechanism
No install spec — the skill is instruction-only plus a small local script. Nothing is downloaded or written to disk by an installer.
Credentials
The skill requests no environment variables, no credentials, and no config paths. This is proportionate to a standalone math utility.
Persistence & Privilege
always is false and the skill does not request persistent/system-wide changes. It does not modify other skills or agent settings.
Assessment
This skill appears to do what it claims and has no network/credential access. Before using: (1) be aware that sympy.sympify parses string expressions—if you run untrusted input through it there are parser-related risks in some setups, so prefer to run the skill locally or in an isolated environment; (2) the fallback uses eval with a restricted namespace which mitigates typical eval risks, but avoid feeding untrusted payloads; (3) if you plan to enable full sympy support, ensure sympy is up-to-date and consider running the tool in a sandbox or container if you need stronger isolation.
scripts/math_calc.py:42
Dynamic code execution detected.
Patterns worth reviewing
These patterns may indicate risky behavior. Check the VirusTotal and OpenClaw results above for context-aware analysis before installing.
Like a lobster shell, security has layers — review code before you run it.
