Skill Trust Decision

math-utils

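The math calculation tool has a command injection vulnerability: the expression parameter is concatenated directly into a shell command without validation, and SKILL.md does not warn of this risk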

Install decision first Source: ClawHub Scanned: Apr 6, 2026
Files 2
Artifacts 0
Violations 0
Findings 3
Most direct threat evidence
01
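User supplies a malicious math expression Entry · main.js
02
The expression parameter is concatenated into the shell command without filtering Escalation · main.js
03
Injected command executes (e.g. reading /etc/passwd, reverse shell) Impact · main.js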

Why this conclusion was reached

1/4 dimensions flagged
Pass
Declared vs actual capability

Declared resources and inferred behavior are broadly aligned.

Pass
Hidden execution and egress

No obvious high-risk egress or execution signals were found.

Block
Attack chain and severe findings

The report includes 3 attack-chain steps and 1 severe finding.

Pass
Dependencies and supply chain hygiene

Dependencies are present but no obvious high-risk issue stands out.

Attack Chain

01
User supplies a malicious math expression

Entry · main.js:18

02
The expression parameter is concatenated into the shell command without filtering

Escalation · main.js:24

03
Injected command executes (e.g. reading /etc/passwd, reverse shell)

Impact · main.js:24

What drove the risk score up

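Command injection vulnerability +25

The expression parameter is inserted directly into the execSync command; user-controlled input is not filtered

Documentation does not declare the security risk +15

SKILL.md claims '100% accurate calculation' without mentioning the command injection risk

shell:WRITE permission declaration is broad +10

No explanation of why executing system commands is needed or where its boundaries lie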

Most important evidence

High RCE

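Command injection vulnerability

The expression parameter of the calculate() function is concatenated directly into a shell command without filtering. An attacker can execute arbitrary system commands by passing an expression such as '; cat /etc/passwd |' or '$(whoami)'

main.js:24
Implement input allowlist validation: permit only the characters [0-9+\-*/().] and reject any shell special characters
Medium Doc Mismatch

Security risk not declared

SKILL.md claims '100% accuracy' but does not warn of the command injection risk, so users cannot recognize the consequences of passing a malicious expression

SKILL.md:6
Add a security warning to the documentation explaining the trust boundary of the expression parameter
Low Supply Chain

No third-party dependency pinning

Only Node.js built-in modules are used; no external dependency risk

main.js:1
No action needed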

Declared capability vs actual capability

Shell Pass
Declared WRITE
Inferred WRITE
main.js:24 execSync call
Filesystem Pass
Declared READ
Inferred READ
Only Node.js standard module loading

Suspicious artifacts and egress

No obvious IOC was extracted.

Dependencies and supply chain

Package | Version | Source | Known vuln | Notes
Node.js built-in modules | N/A | Standard library | No | Uses only the child_process and os modules

File composition

2 files · 65 lines
JavaScript 1 file · 47 lines
Markdown 1 file · 18 lines
Files of concern · 2
main.js JavaScript · 47 lines
Command injection vulnerability · No third-party dependency pinning
SKILL.md Markdown · 18 lines
Security risk not declared

Security positives

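The code is concise, only about 50 lines, and easy to review
Uses only Node.js built-in modules, with no third-party dependencies
Implements cross-platform support (Linux/macOS/Windows)
Includes a fallback approach to improve robustness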