Copilot For Revit Skill

Security checks across malware telemetry and agentic risk

Overview

The skill openly does what it claims, but it can automatically send commands that change a live Revit project, with no confirmation by default.

Install only if you trust the bridge code and the Revit MCP endpoint. Use it first on test or backed-up models, restrict the MCP service to a trusted local network, and enable command confirmation before allowing mutating or bulk Revit commands.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • Taint Tracking: Direct Taint Flow, Variable-Mediated Taint Flow, Credential Exfiltration Chain
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
Findings (5)

subprocess module call

Medium
Category
Dangerous Code Execution
Content
cmd_parts.extend(["--args", json.dumps(args)])
    
    try:
        result = subprocess.run(
            cmd_parts,
            cwd=BRIDGE_DIR,
            capture_output=True,
Confidence
90% confidence
Finding
result = subprocess.run( cmd_parts, cwd=BRIDGE_DIR, capture_output=True, text=True, timeout=60, env={**subprocess.os.env

Tainted flow: 'BRIDGE_DIR' from os.environ.get (line 16, credential/environment) → subprocess.run (code execution)

Medium
Category
Data Flow
Content
cmd_parts.extend(["--args", json.dumps(args)])
    
    try:
        result = subprocess.run(
            cmd_parts,
            cwd=BRIDGE_DIR,
            capture_output=True,
Confidence
97% confidence
Finding
result = subprocess.run( cmd_parts, cwd=BRIDGE_DIR, capture_output=True, text=True, timeout=60, env={**subprocess.os.env

Missing User Warnings

Medium
Confidence
83% confidence
Finding
The README explicitly presents a bulk model-editing action ('把所有门的高度改成 2100', i.e. "change the height of all doors to 2100") as a normal example without warning that it can alter live project data, trigger unintended design changes, or require permission/review. In a skill that can remotely operate Revit, normalizing destructive edits increases the chance of accidental misuse, especially by users who may assume the action is safe and reversible.

Vague Triggers

Medium
Confidence
90% confidence
Finding
The skill is configured to auto-activate for broad Revit-related requests and is explicitly capable of performing state-changing operations such as deleting elements or modifying parameters. That means ordinary design discussion or exploratory questions about Revit could trigger connection to a live Revit environment and enable destructive actions without strong user intent verification. In this context, broad activation is more dangerous because the target system is a production design application with potentially high-value project data.

Vague Triggers

Medium
Confidence
96% confidence
Finding
The keyword trigger list includes generic terms like 'Revit', '视图', '元素', '墙', '门', and '房间', as well as dynamically learned tool names, which greatly increases the chance of accidental activation from normal conversation. Because this skill can issue live commands against a Revit project and the file states there is no command-execution confirmation by default, an unintended trigger could lead to unauthorized or destructive modifications to project data.

VirusTotal

64/64 vendors flagged this skill as clean.
