CAD Agent
v1.0.0Send build123d CAD commands via HTTP to render images, allowing visual iteration on 3D models entirely within a containerized CAD environment.
⭐ 5· 3.6k·17 current·18 all-time
Security Scan
OpenClaw
Suspicious
medium confidencePurpose & Capability
The SKILL.md describes a CAD rendering server that accepts build123d code over HTTP and returns renders; that matches the name. However, the manifest declares no required binaries or environment variables even though the runtime instructions require git, docker/docker-compose, network access, and a local port. The omission of these required host capabilities in the manifest is an inconsistency.
Instruction Scope
Runtime instructions tell the agent (or operator) to clone a GitHub repo, build a Docker image, run the container, and then send arbitrary build123d Python code to endpoints. Executing arbitrary code inside the container is expected for a CAD runner, but the instructions also encourage running host docker commands (docker run, docker exec) which may require privileged access and can be risky if the image or Dockerfile is untrusted. The SKILL.md also asserts 'never do STL manipulation outside the container' but gives no technical enforcement mechanism—this is guidance only.
Install Mechanism
There is no formal install spec in the manifest (instruction-only). The SKILL.md directs cloning from GitHub (a well-known host) and building a local Docker image. Cloning and building from a third-party repo is a moderate risk: the source should be reviewed (Dockerfile, entrypoint, scripts) before building or running. No opaque or shortened download URLs are used.
Credentials
The skill requests no environment variables or credentials in the manifest, which is consistent with a local/offline CAD container use-case. There are no unexpected credential demands listed. That said, the SKILL.md assumes the operator can bind ports and run Docker, which are host privileges rather than environment variables.
Persistence & Privilege
always is false and the skill is user-invocable and may be invoked autonomously (default). The skill does not request permanent platform-wide presence or claim to modify other skills' configs. The main privilege implication is that running Docker commands grants the container host-level capabilities depending on how Docker is used—this is an operational risk rather than a manifest privilege flag.
What to consider before installing
This skill appears to implement a local CAD render server and expects you to build and run a container from a GitHub repo. Before installing:
- Review the repository (especially Dockerfile, entrypoint, and any scripts) to see what the image will run and whether it mounts the Docker socket or host paths.
- Verify you have git and Docker/docker-compose available on the host; the manifest does not list these but the README requires them.
- Treat the container as running untrusted code: run it with least privilege, avoid mounting sensitive host paths, and avoid exposing the Docker socket to the container.
- Understand that the server will execute arbitrary build123d Python you send to it; limit who/what can send code and inspect the server code to ensure it restricts filesystem/network access as appropriate.
- If you plan to export or 3D print parts, validate exported files before use and ensure no sensitive data is written out inadvertently.
If you want a lower-risk option, request a vetted prebuilt image from a trusted publisher or ask the author for a security review of the Dockerfile and entrypoint.Like a lobster shell, security has layers — review code before you run it.
latest
CAD Agent
Give your AI agent eyes for CAD work.
Description
CAD Agent is a rendering server that lets AI agents see what they're building. Send modeling commands → receive rendered images → iterate visually.
Use when: designing 3D-printable parts, parametric CAD, mechanical design, build123d modeling
Architecture
Critical: All CAD logic runs inside the container. You (the agent) only:
- Send commands via HTTP
- View the returned images
- Decide what to do next
YOU (agent) CAD AGENT CONTAINER
───────────── ───────────────────
Send build123d code → Executes modeling
← Returns JSON status
Request render → VTK renders the model
← Returns PNG image
*Look at the image*
Decide: iterate or done
Never do STL manipulation, mesh processing, or rendering outside the container. The container handles everything — you just command and observe.
Setup
1. Clone the Repository
git clone https://github.com/clawd-maf/cad-agent.git
cd cad-agent
2. Build the Docker Image
docker build -t cad-agent:latest .
Or using docker-compose:
docker-compose build
3. Run the Server
# Using docker-compose (recommended)
docker-compose up -d
# Or using docker directly
docker run -d --name cad-agent -p 8123:8123 cad-agent:latest serve
4. Verify Installation
curl http://localhost:8123/health
# Should return: {"status": "healthy", ...}
Docker-in-Docker caveat: In nested container environments (e.g., Clawdbot sandbox), host networking may not work—
curl localhost:8123will fail even though the server binds to0.0.0.0:8123. Usedocker exec cad-agent python3 -c "..."commands instead. On a normal Docker host, localhost access works fine.
Workflow
1. Create Model
curl -X POST http://localhost:8123/model/create \
-H "Content-Type: application/json" \
-d '{
"name": "my_part",
"code": "from build123d import *\nresult = Box(60, 40, 30)"
}'
2. Render & View
# Get multi-view (front/right/top/iso)
curl -X POST http://localhost:8123/render/multiview \
-d '{"model_name": "my_part"}' -o views.png
# Or 3D isometric
curl -X POST http://localhost:8123/render/3d \
-d '{"model_name": "my_part", "view": "isometric"}' -o iso.png
Look at the image. Does it look right? If not, modify and re-render.
3. Iterate
curl -X POST http://localhost:8123/model/modify \
-d '{
"name": "my_part",
"code": "result = result - Cylinder(5, 50).locate(Pos(20, 10, 0))"
}'
# Re-render to check
curl -X POST http://localhost:8123/render/3d \
-d '{"model_name": "my_part"}' -o updated.png
4. Export
curl -X POST http://localhost:8123/export \
-d '{"model_name": "my_part", "format": "stl"}' -o part.stl
Endpoints
| Endpoint | What it does |
|---|---|
POST /model/create | Run build123d code, create model |
POST /model/modify | Modify existing model |
GET /model/list | List models in session |
GET /model/{name}/measure | Get dimensions |
POST /render/3d | 3D shaded render (VTK) |
POST /render/2d | 2D technical drawing |
POST /render/multiview | 4-view composite |
POST /export | Export STL/STEP/3MF |
POST /analyze/printability | Check if printable |
build123d Cheatsheet
from build123d import *
# Primitives
Box(width, depth, height)
Cylinder(radius, height)
Sphere(radius)
# Boolean
a + b # union
a - b # subtract
a & b # intersect
# Position
part.locate(Pos(x, y, z))
part.rotate(Axis.Z, 45)
# Edges
fillet(part.edges(), radius)
chamfer(part.edges(), length)
Important
- Don't bypass the container. No matplotlib, no external STL libraries, no mesh hacking.
- Renders are your eyes. Always request a render after changes.
- Iterate visually. The whole point is you can see what you're building.
Design File Safety
The project has safeguards against accidentally committing CAD outputs:
.gitignoreblocks *.stl, *.step, *.3mf, etc.- Pre-commit hook rejects design files
- User's designs stay local, never versioned
Links
Comments
Loading comments...