cae-skill

Security checks across malware telemetry and agentic risk

Overview

The skill mostly matches its CAE-control purpose, but its “open file” behavior can run Abaqus Python/journal scripts and its close action defaults to forceful behavior.

Use this only on a trusted Windows CAE workstation. Do not let it open Abaqus .py or .jnl files unless you intend to run them as trusted scripts, and confirm before using close_app because it defaults to forceful closing.

VirusTotal

VirusTotal findings are pending for this skill version.


Risk analysis

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

ASI05: Unexpected Code Execution
Medium
What this means

A local Abaqus Python or journal file could run with the user's privileges if the agent opens it through this skill.

Why it was flagged

The open-file path for Abaqus script-like files builds a command that runs the supplied .py or .jnl as an Abaqus script, while SKILL.md frames the action as opening a file rather than executing code.

Skill content
"abaqus": { ".cae", ".odb", ".jnl", ".py" } ... if ext in {".jnl", ".py"}: return ["cmd", "/k", "abaqus", "cae", f"script={file_path}"]
Recommendation

Only use open_file_in_app on trusted .py/.jnl files. The skill should require explicit confirmation before running a script, or expose script execution as a separately named action.

ASI02: Tool Misuse and Exploitation
Low
What this means

If the agent closes a running CAE application, unsaved work could be lost depending on how close_app handles the force flag.

Why it was flagged

The close_app action defaults to requesting forceful behavior. Closing CAE applications is purpose-aligned, but a forceful default can be risky if invoked without clear user confirmation.

Skill content
result = close_app(... force=args.get("force", True))
Recommendation

Ask for explicit user confirmation before closing applications, and prefer a non-forceful default unless the user specifically requests force.

ASI04: Agentic Supply Chain Vulnerabilities
Info
What this means

Users have less information for independently verifying who maintains the skill or where updates come from.

Why it was flagged

The package has limited provenance information. No remote installer or hidden dependency is shown, so this is a provenance note rather than a direct malicious signal.

Skill content
Source: unknown; Homepage: none
Recommendation

Install only if you trust the publisher/package source, and review the local code before use on important CAE workstations.