ClawHub
Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Render Stl Png

v0.1.0

Render an STL file to a PNG image with a solid color using a deterministic software renderer and adjustable 3D perspective parameters.

0· 2k·2 current·2 all-time
by@ajmwagar
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Suspicious
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/intent (render STL → PNG) lines up with shipped code: a pure-Python software rasterizer and a small wrapper. No unrelated credentials, binaries, or external services are requested.
Instruction Scope
SKILL.md and the scripts confine actions to: reading the provided STL file, CPU-rendering into an image, and writing the output PNG. The instructions do not request system-wide config, other files, or remote endpoints.
Install Mechanism
There is no formal install spec, but the included bash wrapper creates a virtualenv under $XDG_CACHE_HOME or ~/.cache and runs pip install pillow. This implies network access to PyPI at runtime; pillow is a common dependency, but the behavior should be noted.
Credentials
The skill requires no environment variables, credentials, or config paths. The only environment interaction is using XDG_CACHE_HOME/$HOME for the venv — which is reasonable for caching a virtualenv.
Persistence & Privilege
The wrapper will create a persistent virtualenv under the user's cache directory and install packages into it. The skill does not request elevated privileges, is not always-enabled, and does not modify other skills or system-wide agent settings.
Assessment
This skill appears to do exactly what it claims: a deterministic software renderer that reads an STL and writes a PNG. Before installing/running: (1) Inspect the included Python script if you want to be certain — it will execute arbitrary Python on any file path you provide. (2) Be aware the wrapper will create a virtualenv in your cache directory and run pip to download and install pillow from PyPI (network access). If you prefer tighter control, run the renderer in an isolated environment (container or dedicated venv) or install the pillow dependency yourself and invoke the Python script directly.

Like a lobster shell, security has layers — review code before you run it.

latestvk971h2sh1tn8evgzvy58gf1t7d80azwb

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Comments