qgis

PassAudited by VirusTotal on May 11, 2026.

Overview

Type: OpenClaw Skill Name: qgis Version: 1.0.0 The skill is a legitimate wrapper for the QGIS command-line tool (`qgis_process`) used for geospatial data processing. It includes well-defined safety boundaries, such as requiring CRS validation and dry-runs for batch operations, and contains no evidence of malicious intent, data exfiltration, or obfuscated code across SKILL.md and agents/openai.yaml.

Findings (0)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

NoteHigh Confidence

ASI02: Tool Misuse and Exploitation

What this means

The agent can process local geospatial files and create derived outputs; incorrect paths, CRS choices, or overwrite requests could affect the user's data workflow.

Why it was flagged

The skill instructs the agent to run local QGIS processing commands that read input files and create output files. This is central to the skill's purpose and is paired with safety guidance, but users should still verify paths and parameters.

Skill content

qgis_process run <algorithm-id> -- \
  INPUT=<input-path> \
  OUTPUT=<output-path>

Recommendation

Confirm input files, output locations, CRS, and overwrite behavior before running commands, especially for batch jobs.