← 返回 Skills 市场
41
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install calc-tool
功能描述
Perform mathematical calculations from the command line. Arithmetic, trig, and unit conversion.
使用说明 (SKILL.md)
Calc Tool - CLI Calculator
Command-line calculator supporting arithmetic, trig, and unit conversion.
Quick Start
calc-tool '2 + 2'
Features
- Basic arithmetic
- Trig functions (sin, cos, tan)
- Unit conversion
- Expression grouping
Examples
calc-tool '2 + 2'
calc-tool 'sin(45) * 10'
calc-tool '100 cm to inches'
See Also
- Related documentation:
man bc(if available)
安全使用建议
Do not run this tool with untrusted input or as a privileged user. The calc implementation uses Python eval on raw expressions, which can run arbitrary Python code (not just math); this can be exploited to execute shell commands, read files, or modify the system. Before installing or using: (1) inspect or run the script in an isolated environment (container/VM) if you must test it; (2) prefer a fixed safer implementation (use a math expression parser or a sandboxed evaluator like asteval/numexpr or parse the AST and whitelist nodes/functions); (3) if you need this exact tool, modify evaluate() to strictly validate the expression (allow only digits, operators, parentheses, decimals, and an explicit whitelist of math function names) or replace eval with a safe evaluator; (4) avoid running it on sensitive hosts or with elevated privileges. If you want, I can suggest a safe replacement implementation or a patch to restrict allowed tokens and AST nodes.
功能分析
Type: OpenClaw Skill
Name: calc-tool
Version: 1.0.0
The script 'scripts/calc.py' contains a critical Remote Code Execution (RCE) vulnerability due to the use of the 'eval()' function on unsanitized user input. While the tool is presented as a simple calculator, an attacker can bypass the intended mathematical logic to execute arbitrary Python code (e.g., using '__import__'). There is no evidence of intentional malice or exfiltration, but the implementation is highly insecure.
能力评估
Purpose & Capability
Name, description, SKILL.md examples, and the included scripts/calc.py align: this is a command-line calculator implementing arithmetic, trig, and unit conversion. It requests no credentials, binaries, or install steps beyond being run as a script.
Instruction Scope
SKILL.md instructs the agent/user to run calc-tool with an expression. The implementation (scripts/calc.py) evaluates the user-supplied expression with Python's eval after simple string replacements but without safely restricting allowed operations or AST nodes. That means injected input (e.g., __import__('os').system(...)) could execute arbitrary Python, escalate from a calculator to remote/host compromise. The instructions do not warn about this risk or restrict input.
Install Mechanism
There is no install spec (instruction-only skill with an included script). Nothing is downloaded or written to disk by an installer, which is low-risk in itself.
Credentials
No environment variables, credentials, or config paths are requested. The declared requirements are minimal and proportional to a CLI calculator.
Persistence & Privilege
The skill does not request always:true or other elevated persistence. Default autonomy is allowed (normal), and the skill does not modify other skills or system-wide agent settings.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install calc-tool - 安装完成后,直接呼叫该 Skill 的名称或使用
/calc-tool触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Initial release
元数据
常见问题
Calc Tool 是什么?
Perform mathematical calculations from the command line. Arithmetic, trig, and unit conversion. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 41 次。
如何安装 Calc Tool?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install calc-tool」即可一键安装,无需额外配置。
Calc Tool 是免费的吗?
是的,Calc Tool 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Calc Tool 支持哪些平台?
Calc Tool 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Calc Tool?
由 BIN(@dinghaibin)开发并维护,当前版本 v1.0.0。
推荐 Skills