Back to skill
Skillv1.0.1
VirusTotal security
Calculator · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 29, 2026, 4:56 AM
- Hash
- b05a16dcbf067f7e0202f2da9c098ff2cc042e8e22e6306ea216e081187ab00b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: calculator Version: 1.0.1 The `scripts/calc.py` file uses `eval()` to process mathematical expressions. While it attempts to sandbox `eval()` by clearing `__builtins__` and providing a `safe_dict`, this approach is vulnerable to sandbox escape via object introspection (e.g., `sqrt.__class__.__base__.__subclasses__()`). This critical vulnerability allows an attacker to execute arbitrary code (RCE) by crafting a malicious expression, classifying the skill as suspicious due to this severe flaw.
- External report
- View on VirusTotal