cad-skill
v1.0.0Control local CAD applications on Windows including launching apps, opening files, checking status, closing apps, detecting active or running apps, detecting...
⭐ 0· 320·0 current·0 all-time
bysolvi@doudou459
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw
Benign
high confidencePurpose & Capability
The name/description (control local CAD apps on Windows) matches the code and config: functions to launch apps, open files, detect running windows/processes, and save executable paths. Minor mismatch: the skill is Windows-specific (uses ctypes user32 and tasklist) but registry metadata lists no OS restriction; this is a usability/metadata discrepancy, not a capability mismatch.
Instruction Scope
SKILL.md constraints (do not scan whole disk, do not read registry, only use config.json and candidate paths) are reflected in the implementation: the code only checks saved_paths and candidate_paths from config.json, validates explicit file paths provided by the user, calls tasklist, uses Win32 APIs to read the active window title, and writes back to config.json only when saving user-provided paths.
Install Mechanism
There is no install spec — code files are bundled but no installer/download steps are required. No packages or external downloads are referenced.
Credentials
The skill requests no environment variables, credentials, or config paths beyond its own config.json. All filesystem and process checks are proportional to controlling local CAD apps (process names, candidate install paths, explicit file paths).
Persistence & Privilege
The skill does not request 'always' presence and only writes to its own config.json. The skill can be invoked autonomously (platform default), which is expected for skills that automate local tasks; this is normal but increases the impact if the agent is permitted to call skills without confirmation.
Assessment
This skill appears to do what it says: control local Windows CAD apps using paths and process names stored in config.json. Before installing, consider: (1) it will launch executables found in config.json or at user-provided paths — ensure those paths point to trusted CAD binaries; (2) it writes to config.json when you save paths, so review that file for unwanted changes; (3) it uses Windows APIs and tasklist so it must run on Windows; the registry metadata doesn't declare that requirement — be mindful to use it only on a Windows workstation; (4) while there is no network or credential access, autonomous invocation is allowed by default on the platform, so only enable the skill for agents you trust to run local commands. If you want extra caution, run the skill in a limited account or inspect/lock the config.json to approved executable paths before use.Like a lobster shell, security has layers — review code before you run it.
latestvk977r8hcnh6g24y4cgzjbvb26x82mjvw
License
MIT-0
Free to use, modify, and redistribute. No attribution required.