cad-skill
Security checks across malware telemetry and agentic risk
Overview
The skill mostly matches its CAD automation purpose, but it gives the agent broad local process control that can launch user-saved executables and forcibly close CAD apps without clearly requiring user confirmation.
Install only if you are comfortable letting the assistant control local CAD programs. Before use, verify saved executable paths, avoid alternate config files unless intentional, and require confirmation before launching or force-closing applications.
VirusTotal
VirusTotal findings are pending for this skill version.
Risk analysis
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
The assistant could force-close a CAD program and potentially cause loss of unsaved design work.
The runner defaults the close_app force option to true. Since the skill is for CAD workstations, force-closing a CAD application can terminate work with unsaved changes unless explicit user approval is required.
result = close_app(... force=args.get("force", True))
Default force to false, require explicit confirmation before closing apps, and warn users about unsaved work before any forced termination.
If a wrong or malicious executable path is saved, the assistant may later launch that local program while appearing to launch a CAD app.
set_app_path only verifies that the supplied path is a file, and launch_app later executes the saved path. The artifacts do not show validation that the path is actually a supported CAD executable.
if not os.path.isfile(path): return fail(...) ... subprocess.Popen([exe_path], shell=False)
Validate expected executable names and trusted install directories, show the exact path before launching, and require user confirmation when saving or launching a newly supplied executable path.
The assistant may use a configuration file other than the intended one, changing which executables are detected or launched.
The stated constraint is narrower than the runner behavior, which accepts optional config_file arguments for actions. This creates ambiguity about whether alternate configuration files are allowed.
Only use paths stored in `config.json`.
Remove or tightly restrict the config_file argument, or clearly document and enforce which alternate config paths are allowed.
Users have less context about where the code came from and what runtime environment is expected.
The package includes executable Python files but provides limited provenance and no install/runtime declaration. This does not show malicious behavior, but it reduces transparency.
Source: unknown; Homepage: none; No install spec — this is an instruction-only skill.
Publish source/homepage information, declare Windows/Python runtime expectations, and keep the reviewed files aligned with the registry metadata.
