Skill flagged — suspicious patterns detected
ClawHub Security flagged this skill as suspicious. Review the scan results before using.
RhinoClaw
v0.2.6
Control Rhino 3D via AI agents. 72+ tools for geometry, transforms, booleans, PBR materials, Grasshopper automation, VisualARQ BIM objects, and viewport cont...
License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
OpenClaw: Benign (medium confidence)
Purpose & Capability
Name/description match the delivered artifacts: many Rhino-focused scripts, GH templates, and VisualARQ helpers. The scripts all call a Rhino client and perform CAD/BIM tasks described in the SKILL.md. There are no unrelated credentials or binaries requested.
Instruction Scope
SKILL.md and scripts instruct the agent to connect to a RhinoClaw plugin via TCP, copy config.json, run many local Python scripts, build/deploy Grasshopper defs, and execute arbitrary RhinoScript Python code via the plugin. Executing arbitrary code inside Rhino (execute_rhinoscript_python_code) and copying/running local meta_gen.py are powerful but coherent with the skill's stated purpose; users should be aware this grants the skill the ability to execute code on the Rhino host and write files into the user's home filesystem.
Install Mechanism
No install spec (instruction-only) and no remote download URLs in the registry metadata. The skill bundle contains scripts but does not instruct fetching or running code from an external release host, so there is no high-risk installer mechanism in the metadata provided.
Credentials
The skill requires no environment variables or keys. It does require a reachable Rhino host/port (config.json) which is proportionate to a tool that talks to a Rhino plugin. It does perform file operations (reading templates, writing .gh/.meta.json, copying to a Compute Platform definitions directory) which are expected for GH deploy workflows.
Persistence & Privilege
always:false (normal). The skill writes to user-space locations (home/compute platform defs) and may run subprocesses (meta_gen.py) on the user's machine when performing deploy flows. It does not declare elevated or system-wide persistence, nor does it modify other skills' configs in the bundle that was reviewed.
Assessment
This skill appears to do what it claims — control Rhino via a RhinoClaw plugin — but it is powerful and should be used with care. Before installing or running it: (1) Only connect to Rhino hosts you trust (prefer 127.0.0.1 for local Rhino). The skill relies on a Rhino plugin that listens on TCP; exposing that port to the LAN or Internet is risky. (2) Be aware the skill can execute arbitrary Python inside Rhino (execute_rhinoscript_python_code) — do not allow untrusted agents or people to invoke those flows. (3) The GH deploy flow copies files into your home directory and may run a local meta_gen.py subprocess; review the destination path and the meta_gen.py script before running. (4) If you need higher assurance, open and review scripts/rhino_client.py and script_exec.py to confirm there is no hidden network exfiltration or calls to unexpected endpoints. If you want help reviewing any specific file (for example rhino_client.py), provide its content and I can point out any risky lines.
