Skill v1.0.0

ClawScan security

cad-skill · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign
Mar 10, 2026, 8:24 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's code, instructions, and config are coherent with its stated purpose (local Windows CAD app control); it does not request credentials or network access and only operates on configured paths and processes.
Guidance
This skill appears to do what it says: control local Windows CAD apps using paths and process names stored in config.json. Before installing, consider: (1) it will launch executables found in config.json or at user-provided paths — ensure those paths point to trusted CAD binaries; (2) it writes to config.json when you save paths, so review that file for unwanted changes; (3) it uses Windows APIs and tasklist so it must run on Windows; the registry metadata doesn't declare that requirement — be mindful to use it only on a Windows workstation; (4) while there is no network or credential access, autonomous invocation is allowed by default on the platform, so only enable the skill for agents you trust to run local commands. If you want extra caution, run the skill in a limited account or inspect/lock the config.json to approved executable paths before use.

Review Dimensions

Purpose & Capability
note
The name/description (control local CAD apps on Windows) matches the code and config: functions to launch apps, open files, detect running windows/processes, and save executable paths. Minor mismatch: the skill is Windows-specific (uses ctypes user32 and tasklist) but registry metadata lists no OS restriction; this is a usability/metadata discrepancy, not a capability mismatch.
Instruction Scope
ok
SKILL.md constraints (do not scan whole disk, do not read registry, only use config.json and candidate paths) are reflected in the implementation: the code only checks saved_paths and candidate_paths from config.json, validates explicit file paths provided by the user, calls tasklist, uses Win32 APIs to read the active window title, and writes back to config.json only when saving user-provided paths.
Install Mechanism
ok
There is no install spec: code files are bundled, but no installer/download steps are required. No packages or external downloads are referenced.
Credentials
ok
The skill requests no environment variables, credentials, or config paths beyond its own config.json. All filesystem and process checks are proportional to controlling local CAD apps (process names, candidate install paths, explicit file paths).
Persistence & Privilege
note
The skill does not request 'always' presence and only writes to its own config.json. The skill can be invoked autonomously (platform default), which is expected for skills that automate local tasks; this is normal but increases the impact if the agent is permitted to call skills without confirmation.