Back to skill
Skillv1.0.0
VirusTotal security
Calculator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
ReviewApr 30, 2026, 6:15 AM
- Hash
- 9ffa6940501eaa3dd439204a22b7d7119187b1d98370e67563853b79c8c26787
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: wentianxe-calculator Version: 1.0.0 The skill provides mathematical calculation and unit conversion functionality but uses the high-risk `eval()` function in `scripts/calculator.py` to process user-supplied expressions. Although the script attempts to sandbox the execution by validating `code.co_names` against a whitelist of allowed math functions and constants and by restricting `__builtins__`, `eval()` is a known vector for Remote Code Execution (RCE) vulnerabilities. No evidence of intentional malice, data exfiltration, or harmful prompt injection was found in `SKILL.md` or the source code.
- External report
- View on VirusTotal