v2.1.0

Qto Report

Benign

ClawScan verdict for this skill. Analyzed May 1, 2026, 5:26 AM.

Analysis

The artifacts describe a coherent QTO reporting helper, with expected file access for user-provided BIM/CAD data and only minor packaging/provenance notes.

Guidance: This appears safe for its stated purpose. Before installing, verify the source/version mismatch if it matters to you, and when using it, provide only the BIM/CAD files you intend to process and review any exported cost or quantity reports before business use.

Findings (2)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation
Severity: Low; Confidence: High; Status: Note
claw.json
"permissions": [
    "filesystem"
  ]

The skill declares filesystem access, which is expected for reading BIM/CAD exports and writing QTO reports, but it means the user should ensure the agent only uses intended project files and output locations.

User impact: The agent may read local project data files and write generated report files when directed.
Recommendation: Use explicit input and output paths, review generated reports before relying on them, and avoid pointing the skill at unrelated private directories.

Agentic Supply Chain Vulnerabilities
Severity: Info; Confidence: Medium; Status: Note
claw.json
"version": "2.0.0"

The package registry metadata lists version 2.1.0 while claw.json lists 2.0.0, a minor provenance/packaging inconsistency users may want to verify.

User impact: A version mismatch can make it harder to confirm exactly which skill revision is being installed.
Recommendation: Confirm the package source and expected version before installation, especially if version-specific behavior matters.