Calculator Service

Security checks across static analysis, malware telemetry, and agentic risk

Overview

This calculator skill is not clearly malicious, but it sends calculator inputs to a third-party API, stores an API key in a local .env file, and contains mismatched Gaokao/reused-project references that make its true scope unclear.

Install only if you are comfortable giving this publisher an XBY API key and sending every calculator input to its remote service. Do not use it for sensitive financial, business, or private calculations unless you accept that data flow, and remove the saved XBY_APIKEY from .env if you stop using it.

SkillSpector (17)

By NVIDIA

Description-Behavior Mismatch

Severity: Medium
Confidence: 93%
Finding:
The documentation explicitly requires an API key for a tool marketed as a calculator, indicating hidden dependence on a third-party service. In context, this increases risk because users may unnecessarily provide sensitive credentials for functionality that ordinarily should not require remote access.

Description-Behavior Mismatch

Severity: Medium
Confidence: 92%
Finding:
The workflow states that the code 'only calls APIs,' which directly contradicts the claim that the skill provides a full calculator server. This kind of deceptive or careless framing weakens informed consent and obscures where user inputs are processed.

Description-Behavior Mismatch

Severity: Low
Confidence: 88%
Finding:
The instruction to directly present raw API responses confirms that the skill is forwarding remote service output rather than performing self-contained local computation. While lower severity than credential handling, it still demonstrates undocumented data flow to and from a third party and may surface unfiltered remote content.

Intent-Code Divergence

Severity: High
Confidence: 97%
Finding:
The project structure references a gaokao-related skill rather than a calculator, which strongly suggests repurposed or mislabeled code. In security terms, this inconsistency is dangerous because it indicates the documentation may not accurately describe the underlying implementation, raising the likelihood of hidden data flows or unintended capabilities.

Intent-Code Divergence

Severity: High
Confidence: 98%
Finding:
The example call uses `search_schools`, which is unrelated to calculator functionality and indicates probable copy-paste from another skill. This materially increases risk because it suggests the agent may invoke unrelated external tools or APIs inconsistent with user expectations, potentially sending data to the wrong service.

Description-Behavior Mismatch

Severity: Medium
Confidence: 95%
Finding:
This file implements a generic remote MCP tool invocation path driven by caller-supplied `mcp_id`, `tool_name`, and `params`, which exceeds the advertised role of a calculator skill. In the context of a math/calculator skill, exposing a general upstream tool proxy materially increases the attack surface because it can be used to reach capabilities unrelated to local computation and potentially invoke arbitrary remote actions.

Context-Inappropriate Capability

Severity: Medium
Confidence: 97%
Finding:
The code reads an API key via `get_api_key()` and uses it to authenticate outbound requests to an external service, giving this calculator skill networked capability backed by a secret credential. For a skill presented as a calculator, this mismatch is dangerous because user inputs in `params` are transmitted off-box and the credential enables access to upstream services beyond simple arithmetic.

Description-Behavior Mismatch

Severity: High
Confidence: 94%
Finding:
The file defines an external service endpoint, MCP identifier, and API key handling even though the advertised skill is a calculator. This mismatch materially increases risk because it introduces undeclared remote-service dependence and secret handling that users would not reasonably expect from a local math utility.

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding:
The code persists an API key to a local .env file and updates process environment state without any indication in the calculator description that credentials will be stored. Silent local persistence of secrets can expose credentials to other local users, backups, source-control mistakes, or later code paths that read the file.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding:
A calculator skill has no obvious need to write long-lived credentials to disk, so this persistence capability is unjustified in context. Unnecessary secret storage expands the attack surface and creates risk of accidental disclosure through filesystem access, logs, backups, or repository commits.

Intent-Code Divergence

Severity: Medium
Confidence: 85%
Finding:
The class docstring refers to a Gaokao-related skill, which conflicts with the manifest claiming a calculator service. Identity mismatches are dangerous because they suggest code reuse from another project, hidden functionality, or inaccurate disclosures that impair user trust and security review.

Description-Behavior Mismatch

Severity: Medium
Confidence: 96%
Finding:
This calculator skill is effectively a thin client that forwards all user-supplied operands to an external API rather than performing local computation. That creates an undisclosed data-transmission boundary, expands the trust surface to a remote service, and can expose user inputs, metadata, and availability to a third party even for simple math tasks.

Context-Inappropriate Capability

Severity: Medium
Confidence: 91%
Finding:
For a calculator, heavy dependence on external API calls is disproportionate to the advertised functionality and increases confidentiality, integrity, and availability risk without clear necessity. A compromised, misconfigured, or malicious backend could alter results, log inputs, or fail unexpectedly, making the skill less trustworthy than its description suggests.

Missing User Warnings

Severity: Medium
Confidence: 88%
Finding:
The POST request sends caller-controlled `params` and the API key to a remote endpoint without any user-facing disclosure in this component. That creates a transparency and privacy risk: users may reasonably expect local calculation, but their inputs are instead transmitted externally under authenticated context.

Missing User Warnings

Severity: Medium
Confidence: 90%
Finding:
The function retrieves a sensitive credential and injects it into request headers without any corresponding disclosure, gating, or evidence of least-privilege handling in this file. In a calculator skill, hidden use of credentials is especially concerning because it suggests privileged remote behavior that users would not expect from the advertised functionality.

Missing User Warnings

Severity: Medium
Confidence: 95%
Finding:
The function writes sensitive credentials to .env automatically and provides no visible warning, consent prompt, or disclosure to the user. This is risky because users may believe they are supplying a temporary runtime value when the code is actually creating durable local secret storage.

Missing User Warnings

Severity: Medium
Confidence: 97%
Finding:
The wrappers pass user-provided values directly into call_api(), but the skill does not disclose that those values leave the local process/host. This is dangerous because users may reasonably assume calculator inputs stay local, while in reality potentially sensitive numbers or business data are transmitted to an external system.

Static analysis

No static analysis findings were reported for this release.

VirusTotal

VirusTotal findings are pending for this skill version.
