Bim Cost Estimation Cwicr
Pass. Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: bim-cost-estimation-cwicr
Version: 2.1.0

The skill is classified as suspicious because of several critical vulnerabilities, chiefly a shell injection risk in `SKILL.md`. The `estimate_from_bim_model` function uses `subprocess.run` to execute an external tool (`RvtExporter.exe`) and passes `model_path` directly as an argument; if `model_path` is user-controlled and unsanitized, this could lead to arbitrary command execution (RCE). Additionally, the `decompose_bim_type` function is vulnerable to prompt injection, since it builds an LLM prompt with f-strings from the unsanitized `bim_type` and `category` inputs. A path traversal vulnerability also exists in `generate_estimate_report` if `project_name` or `output_path` are untrusted. While `claw.json` declares broad `filesystem` and `network` permissions, these are justified by the skill's stated purpose, and there is no evidence of intentional malicious behavior such as data exfiltration or backdoors.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant may access local model/report files and connect to external services as part of the estimation workflow.
The skill requests filesystem and network access, which is expected for reading BIM files, exporting reports, and using external APIs, but users should be aware of the breadth of those capabilities.
"permissions": ["filesystem", "network"]
Use the skill only with intended project files and confirm any network destinations or file outputs before processing sensitive BIM data.
Misconfigured or over-scoped credentials could expose account usage, costs, or private database access.
The skill requires service credentials/configuration for OpenAI and Qdrant, which is purpose-aligned for embeddings and vector search but gives the workflow access to paid or private services.
"requires":{"bins":["python3"],"env":["OPENAI_API_KEY","QDRANT_URL"]},"primaryEnv":"OPENAI_API_KEY"
Use least-privilege API keys, keep them in environment variables, and avoid sharing keys in prompts or files.
Users may need to install or run a separate converter whose provenance and behavior are not verified by these artifacts.
The instructions reference an external conversion tool, but the artifact set provides no install spec, binary declaration, or reviewed code for that tool.
subprocess.run() is used solely for invoking the DDC RvtExporter CAD conversion tool
Install conversion tools only from trusted sources and review their permissions before using them on proprietary BIM files.
Project information from BIM/QTO data may be transmitted to OpenAI or a Qdrant endpoint during classification and vector search.
The workflow explicitly uses external provider/database connections, likely involving model-derived text, quantities, or classifications.
Network permission required for Qdrant vector database and OpenAI embeddings API
Confirm the Qdrant endpoint, understand OpenAI data handling terms, and avoid sending confidential model details unless approved.
