ClawHub

Bim Qto

v2.1.0

Extract quantities from BIM/CAD data for cost estimation. Group by type, level, zone. Generate QTO reports.

0· 1.2k·3 current·3 all-time
by@datadrivenconstruction
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Suspicious
medium confidence
Purpose & Capability
Name/description, Windows-only restriction, and requirement of python3 align with a BIM QTO tool. Filesystem access in claw.json is reasonable for reading user-provided model exports.
Instruction Scope
SKILL.md contains detailed Python code and instructs the agent to 'process data using methods described in SKILL.md' and to accept user file paths (CSV/Excel/JSON). That scope is appropriate for the task, but the instructions assume the agent will execute Python code without describing how to run it or how to obtain Python libraries.
!
Install Mechanism
There is no install spec (instruction-only), which is low risk by itself, but the included Python code imports pandas/numpy (and likely other libraries for Excel handling) while the manifest only requires 'python3'. Missing declared Python package dependencies / install steps is an incoherence that will break runtime or force the agent to install packages on the fly.
Credentials
The skill requests no environment variables or external credentials. Filesystem permission is present in claw.json, which is proportional for a tool that reads user-provided files. No evidence of requests for unrelated secrets or external services.
Persistence & Privilege
always is false and the skill is user-invocable. It does request filesystem access (manifest), but it does not request permanent inclusion or system-wide changes. No evidence it modifies other skills or system configs.
What to consider before installing
This skill appears to implement the QTO logic but has gaps you should resolve before installing. Specifically: - It requires python3 but the provided code imports pandas/numpy (and likely Excel libraries) without declaring or installing them — ensure the runtime environment has these packages or ask the author for an install spec. - The manifest grants filesystem access (needed to read user files). Only supply files you trust and run the skill in an isolated environment if you have sensitive files. - Confirm there are no network calls or hidden endpoints in the remainder of SKILL.md (the provided fragment is code-only and local, but review the full file). - Prefer a skill that lists its Python package dependencies or provides an installation step (pip/venv) and that documents where output files are written. If you can't verify these, run the skill in a sandboxed/ephemeral environment or request the author to add explicit dependency and execution instructions.

Like a lobster shell, security has layers — review code before you run it.

latestvk978ryzbqdg4zakca706kvkgks816cyp

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

Clawdis
OSWindows
Binspython3

Comments