ClawHub

Find Stl

v0.1.0

Search and download ready-to-print 3D model files (STL/3MF/ZIP) for a concept or specific part by querying Printables (first). Use when an agent needs to find an existing model, capture license/attribution, download the source files, and output a local folder + manifest for quoting/printing.

2· 2.4k·3 current·3 all-time
by@ajmwagar

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for ajmwagar/find-stl.

Previewing Install & Setup.
Prompt PreviewInstall & Setup
Install the skill "Find Stl" (ajmwagar/find-stl) from ClawHub.
Skill page: https://clawhub.ai/ajmwagar/find-stl
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Canonical install target

openclaw skills install ajmwagar/find-stl

ClawHub CLI

Package manager switcher

npx clawhub@latest install find-stl
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
high confidence
Purpose & Capability
Name/description align with the included script: it queries Printables' GraphQL API, retrieves time-limited download links and writes a local folder + manifest. No unrelated credentials, binaries, or external services are requested.
!
Instruction Scope
SKILL.md describes search->fetch pipeline and the script implements exactly that, but the runtime instructs the agent (the script) to download and write arbitrary files and to extract ZIP archives without any sanitization. Filenames from the API are used directly for filesystem paths and ZipFile.extractall() is called, which creates a path-traversal / zip-slip risk and may overwrite files in the target directory.
Install Mechanism
No install spec (instruction-only plus a single Python script). No packages are fetched during install. Risk is limited to executing the included script and its network activity at runtime.
Credentials
The skill requests no environment variables or credentials, which is proportional. It does perform network calls to api.printables.com (expected for the stated purpose).
Persistence & Privilege
always is false, no persistent/privileged flags. The skill does write files under a default outdir (~/models/incoming) which is normal for its purpose but is not a platform-level persistence request.
What to consider before installing
This skill appears to do what it says (search Printables and download models), but you should be cautious before running it: 1) it downloads third-party files and extracts ZIPs without sanitizing filenames — a malicious or malformed archive or a manipulated API response could overwrite files (zip-slip / path traversal). 2) filenames from the API are used verbatim when saving, which could introduce unexpected paths. 3) the script writes to a default folder in your home directory; consider specifying an isolated outdir. Recommended actions: run the script in a sandbox or container, inspect network calls, and review/patch the code before use — specifically: sanitize downloaded filenames (use basename/safe_slug), validate ZIP members and reject entries with absolute paths or '..' components before extraction, enforce max file size and disk quotas, and prefer extracting into an empty, isolated directory. If you only need search results, run the search subcommand first (safe, read-only). If you want me to, I can produce a small patch that hardens ZIP extraction and filename handling.

Like a lobster shell, security has layers — review code before you run it.

latestvk9761ybvsxsg9hqqrjn5h7tdnx80axd8
2.4kdownloads
2stars
1versions
Updated 1mo ago
v0.1.0
MIT-0
@ajmwagar
latest
Download

find-stl

This skill provides a deterministic pipeline:

  • search Printables for models
  • select a candidate
  • download model files
  • write a manifest.json (source URL, author, license id, files, hashes)

Quick start

Search

python3 scripts/find_stl.py search "iphone 15 pro dock" --limit 10

Fetch

python3 scripts/find_stl.py fetch 1059554 --outdir out/models

By default, fetch downloads all model files (a ZIP pack) when available.

Notes

  • Printables download links are time-limited; this script resolves them via Printables GraphQL (getDownloadLink).
  • Always preserve license + attribution in the manifest.

Resources

  • scripts/find_stl.py

Comments

Loading comments...