Bim Qto

Advisory

Audited by Static analysis on Apr 30, 2026.

Overview

No suspicious patterns detected.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If given broad or incorrect paths, the skill could read the wrong project data or write reports somewhere unintended.

Why it was flagged

The skill requests filesystem permission, which is expected for processing user-supplied BIM/CAD files and exporting reports, but it still means the agent can interact with local files.

Skill content

"permissions": [
  "filesystem"
]

Recommendation

Provide explicit input file paths and confirm export destinations before allowing report generation.

What this means

If those libraries are not already installed, the user or agent may need to install them separately, which introduces normal dependency-provenance considerations.

Why it was flagged

The documented implementation relies on third-party Python libraries, while the provided requirements only declare python3 and there is no install spec.

Skill content

import pandas as pd
import numpy as np

Recommendation

Use a trusted Python environment and install any needed libraries such as pandas and numpy from trusted, preferably pinned sources.