Bim Cost Estimation Cwicr

Pending: Static analysis audit pending.

Overview

No static analysis result has been recorded yet. Pattern checks will appear here once the artifact has been analyzed.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

The assistant may access local model/report files and connect to external services as part of the estimation workflow.

Why it was flagged

The skill requests filesystem and network access, which is expected for reading BIM files, exporting reports, and using external APIs, but users should be aware of the breadth of those capabilities.

Skill content

"permissions": ["filesystem", "network"]

Recommendation

Use the skill only with intended project files and confirm any network destinations or file outputs before processing sensitive BIM data.

What this means

Misconfigured or over-scoped credentials could expose account usage, costs, or private database access.

Why it was flagged

The skill requires service credentials/configuration for OpenAI and Qdrant, which is purpose-aligned for embeddings and vector search but gives the workflow access to paid or private services.

Skill content

"requires":{"bins":["python3"],"env":["OPENAI_API_KEY","QDRANT_URL"]},"primaryEnv":"OPENAI_API_KEY"

Recommendation

Use least-privilege API keys, keep them in environment variables, and avoid sharing keys in prompts or files.

What this means

Users may need to install or run a separate converter whose provenance and behavior are not verified by these artifacts.

Why it was flagged

The instructions reference an external conversion tool, but the artifact set provides no install spec, binary declaration, or reviewed code for that tool.

Skill content

subprocess.run() is used solely for invoking the DDC RvtExporter CAD conversion tool

Recommendation

Install conversion tools only from trusted sources and review their permissions before using them on proprietary BIM files.

What this means

Project information from BIM/QTO data may be transmitted to OpenAI or a Qdrant endpoint during classification and vector search.

Why it was flagged

The workflow explicitly uses external provider/database connections, likely involving model-derived text, quantities, or classifications.

Skill content

Network permission required for Qdrant vector database and OpenAI embeddings API

Recommendation

Confirm the Qdrant endpoint, understand OpenAI data handling terms, and avoid sending confidential model details unless approved.