← 返回 Skills 市场
Calculator
作者
wushengbing
· GitHub ↗
· v1.0.0
· MIT-0
257
总下载
0
收藏
0
当前安装
1
版本数
在 OpenClaw 中安装
/install wentianxe-calculator
功能描述
Perform mathematical calculations and unit conversions. Use when the user needs to calculate expressions, convert units (length, mass, temperature, volume, a...
安全使用建议
This skill is coherent with its description, but the bundled Python evaluator uses compile()/eval with only a name whitelist — that protection is insufficient against certain sandbox-escape expressions (attribute/constructor chains can execute arbitrary code without introducing new names). If you plan to install or run this skill, consider: 1) Only evaluate expressions you trust (do not accept untrusted input). 2) Run the skill in a restricted environment (container, VM) if it will process user-provided expressions. 3) Prefer a patched version that avoids eval (use a safe parser/evaluator like a restricted AST evaluator, asteval, sympy.parsing, or explicit AST whitelisting of node types). 4) If you want the agent to never run this autonomously, disable autonomous invocation for the skill (set disable-model-invocation) or avoid granting it automatic invocation. If you want, I can suggest concrete safe replacements/patterns for expression evaluation or a minimal hardening patch for this script.
功能分析
Type: OpenClaw Skill
Name: wentianxe-calculator
Version: 1.0.0
The skill provides mathematical calculation and unit conversion functionality but uses the high-risk `eval()` function in `scripts/calculator.py` to process user-supplied expressions. Although the script attempts to sandbox the execution by validating `code.co_names` against a whitelist of allowed math functions and constants and by restricting `__builtins__`, `eval()` is a known vector for Remote Code Execution (RCE) vulnerabilities. No evidence of intentional malice, data exfiltration, or harmful prompt injection was found in `SKILL.md` or the source code.
能力评估
Purpose & Capability
Name, description, SKILL.md usage, and the provided scripts/calculator.py are coherent: the code implements expression evaluation and unit conversions described by the skill.
Instruction Scope
SKILL.md instructs the agent to run scripts/calculator.py with user-supplied expressions. The script evaluates expressions via compile() + eval() with a restricted names dict, but that sandboxing is incomplete: attribute- and object-based sandbox escapes (which do not introduce new names) can be used to execute arbitrary Python code. The instructions therefore enable execution of potentially unsafe input on the host where the skill runs.
Install Mechanism
No install spec; this is instruction-only plus a bundled Python script. Nothing is downloaded or installed automatically, which minimizes install-time risk.
Credentials
The skill requests no environment variables, credentials, or config paths. Those requirements are proportionate to a local calculator utility.
Persistence & Privilege
always is false, no elevated or persistent installation behavior is requested. The skill does not modify other skills or global agent config.
如何使用
- 确保已安装 OpenClaw(本地或 Docker 部署)
- 在对话框中输入安装命令:
/install wentianxe-calculator - 安装完成后,直接呼叫该 Skill 的名称或使用
/wentianxe-calculator触发 - 根据 Skill 的参数说明提供必要输入,即可获得结构化输出
版本历史
v1.0.0
Basic calculator with arithmetic and unit conversions
元数据
常见问题
Calculator 是什么?
Perform mathematical calculations and unit conversions. Use when the user needs to calculate expressions, convert units (length, mass, temperature, volume, a... 它是一个面向 Claude Code / OpenClaw 的 AI Agent Skill 插件,目前累计下载 257 次。
如何安装 Calculator?
在 OpenClaw 或 Claude Code 对话框中运行命令「/install wentianxe-calculator」即可一键安装,无需额外配置。
Calculator 是免费的吗?
是的,Calculator 完全免费,采用 MIT-0 许可证,可自由下载、安装和使用。
Calculator 支持哪些平台?
Calculator 跨平台运行,可在任意部署了 OpenClaw / Claude Code 的环境中使用(cross-platform)。
谁开发了 Calculator?
由 wushengbing(@wushengbing)开发并维护,当前版本 v1.0.0。
推荐 Skills