safe-calculator
Warn
Audited by Socket on Feb 16, 2026
1 alert found:
Security: MEDIUM
calculate.py
The module uses eval() and exec() directly on external inputs, creating high-risk arbitrary code execution vectors. If these functions accept untrusted data they are exploitable for code execution, data exfiltration, and state manipulation. Fix by removing dynamic execution, using safe parsers, validating/whitelisting inputs, or sandboxing. Also correct the syntax error in the example invocation.
Confidence: 75%
Severity: 80%