Estimate Builder
PassAudited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill Name: estimate-builder Version: 2.1.0 The skill bundle is benign. The Python code in SKILL.md implements a construction estimate builder, performing calculations and exporting data to Excel. The `claw.json` requests `filesystem` permission, which is necessary for the `export_to_excel` function. There is no evidence of intentional malicious behavior such as data exfiltration, arbitrary command execution, persistence mechanisms, or prompt injection attempts against the AI agent in `SKILL.md` or `instructions.md`. The functionality aligns with the stated purpose.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
If filesystem access is granted, the agent may be able to read or write local files during estimate workflows.
The manifest requests filesystem access, while the main instructions focus on calculating and presenting estimates. Filesystem use may be appropriate for estimate import/export, but it is broad enough that users should keep file operations explicit.
"permissions": ["filesystem"]
Use filesystem access only for user-requested files and paths, and review any file reads or writes before allowing them.
A version mismatch can make it harder to confirm exactly which package release is being installed.
The packaged manifest version differs from the registry metadata version 2.1.0, which is a minor packaging/provenance inconsistency.
"version": "2.0.0"
Verify the package source and version against the publisher or homepage before relying on it in a production workflow.