Mechanics Sketches
Pass
Audited by ClawScan on May 1, 2026.
Overview
This appears to be a local engineering-diagram generation skill, with the main caution that setup installs an external GitHub Python library and the helper writes to a user-specified file path.
Before installing, review or pin the MechanicsSketches GitHub dependency, and when using the helper script, provide a safe input JSON and an output path where overwriting is acceptable.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Installing the skill's dependency may run or use code from an external repository that can change over time.
The documented setup fetches executable Python code from GitHub at install time without pinning a commit or release. This is disclosed and central to the skill, but the installed code could change independently of the reviewed skill artifacts.
pip install git+https://github.com/MatthiasHBusch/MechanicsSketches.git
Review the upstream repository and prefer pinning a trusted commit, release, or locked package version before installing.
If given the wrong output path, the helper could create or overwrite a local file at that path.
The helper takes user-supplied input and output paths, reads the JSON input, and writes the rendered file. This is expected for a renderer, but the output path is not constrained by the script.
input_path = sys.argv[1]
output_path = sys.argv[2]
...
render(sketch, filename=output_path, dpi=300)
Use explicit output filenames in an intended workspace and confirm before overwriting existing files.
