v2.0.0

Rvt To Excel

BenignClawScan verdict for this skill. Analyzed May 1, 2026, 5:26 AM.

Analysis

This is a coherent Revit-to-Excel helper, but it depends on filesystem access and a separate local RvtExporter executable that users should verify before use.

GuidanceBefore installing, make sure you trust the separate RvtExporter tool, run conversions only on intended RVT/RFA files or folders, and protect the generated Excel/CSV files because they may expose detailed BIM element data and quantities.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

Abnormal behavior control

Checks for instructions or behavior that redirect the agent, misuse tools, execute unexpected code, cascade across systems, exploit user trust, or continue outside the intended task.

Tool Misuse and Exploitation

SeverityLowConfidenceHighStatusNote

instructions.md

Run RvtExporter to extract element data, parameters, quantities, and geometry

The skill directs the agent to invoke a local conversion tool; this is central to the purpose, but users should control file paths, export modes, and batch operations.

User impactIncorrect paths or broad batch choices could process more project files than intended or create many derived files.

RecommendationConfirm the exact input path, export mode, and output location before running conversions, especially for complete or batch exports.

Agentic Supply Chain Vulnerabilities

SeverityLowConfidenceHighStatusNote

instructions.md

DDC RvtExporter CLI tool must be installed locally

The required executable is separate from the reviewed instruction-only skill, so its source, version, and behavior are not established by the provided artifacts.

User impactSecurity depends partly on the locally installed RvtExporter executable, not just on this skill's instructions.

RecommendationInstall RvtExporter only from a trusted source, verify its provenance and version, and avoid substituting an unknown executable with the same name.

Permission boundary

Checks whether tool use, credentials, dependencies, identity, account access, or inter-agent boundaries are broader than the stated purpose.

Identity and Privilege Abuse

SeverityLowConfidenceHighStatusNote

claw.json

"permissions": ["filesystem"]

The skill asks for filesystem access, which is expected for reading Revit files and writing Excel outputs, but it still grants access to local project files selected for conversion.

User impactThe assistant may read local RVT/RFA files and write generated Excel outputs as part of the conversion workflow.

RecommendationUse it only on intended project folders, review output locations, and avoid converting sensitive projects unless the generated spreadsheets will be protected.