ClawHub

BimDown 中文

v1.4.1

AI与建筑信息的桥梁。像写代码一样读写BIM数据!让智能体自动完成建筑建模、按图建模、工程量统计或模型审查,甚至只是为你建一栋专属的数据化房屋!

0· 147·0 current·0 all-time
by@novashang
MIT-0
Download zip
LicenseMIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
Capability signals
Crypto
These labels describe what authority the skill may exercise. They are separate from suspicious or malicious moderation verdicts.
VirusTotalVirusTotal
Benign
View report →
OpenClawOpenClaw
Benign
high confidence
Purpose & Capability
Name/description are BIM-focused and the only required artifact is the bimdown CLI; required binaries and the described commands (build/render/query/publish) align with the stated purpose.
Instruction Scope
SKILL.md stays within BIM workflows: it tells the agent to run bimdown CLI commands, validate and render files, and only optionally publish project artifacts. It explicitly requires user authorization before installing the CLI or performing the first publish. There are no instructions to read unrelated system files or to fetch secrets.
Install Mechanism
This is an instruction-only skill (no install spec written to disk). It recommends `npm install -g bimdown-cli` if the binary is missing. Global npm installs can run package lifecycle scripts and write to system locations, so the user should verify package provenance before allowing an automated/global install.
Credentials
No required environment variables or credentials are requested. An optional BIMCLAW_API env var is documented to override the anonymous publish endpoint; this is proportional to the optional upload feature.
Persistence & Privilege
Skill is not always-enabled and does not request persistent system or cross-skill privileges. Agent autonomous invocation is allowed (platform default) but nothing in the skill requires elevated or persistent privileges.
Assessment
This skill is coherent for BIM workflows: it needs the bimdown CLI and uses that CLI to build, render, query, and optionally publish project files. Before installing or using it, do the following: (1) If you permit the skill to install the CLI, manually verify the npm package (bimdown-cli) and its source to avoid arbitrary install scripts; prefer to install yourself rather than letting an agent run global npm install. (2) Be cautious with `bimdown publish`: it uploads CSV/SVG/GLB files (which can contain site/layout and potentially sensitive data) to an external endpoint (https://bim-claw.com/api/shares/publish) unless you configure BIMCLAW_API to a self-hosted endpoint. The skill instructs the agent to request explicit permission before publishing — grant that permission only after you inspect the files to be uploaded and trust the destination. (3) No credentials are required by default, but if you set BIMCLAW_API, ensure the custom endpoint is trusted. Overall the skill appears to do what it claims, but treat the npm install and publish steps as sensitive operations and approve them explicitly.

Like a lobster shell, security has layers — review code before you run it.

latestvk979qw69d6xvr64t34wvvq1wa984hqs6

License

MIT-0
Free to use, modify, and redistribute. No attribution required.
Termshttps://spdx.org/licenses/MIT-0.html

Runtime requirements

🏛️ Clawdis
Binsbimdown

Comments