Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Mechanics Sketches

v1.0.0

Generate technical engineering mechanics sketches (beams, supports, forces, moments, dimensions, coordinate systems) as PDF/PNG/SVG using the MechanicsSketch...

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Benign (high confidence)
Purpose & Capability
The name/description (create engineering sketches and render to PDF/PNG/SVG) matches the provided SKILL.md, API reference, and helper script. No unrelated environment variables, binaries, or cloud credentials are requested.
Instruction Scope
Runtime instructions confine actions to reading a user-specified JSON and writing an output image/PDF. However, the README/setup guidance tells the user to pip install the GitHub repo (network activity during setup) and to adjust PYTHONPATH; also the helper script inserts a relative path into sys.path to locate the MechanicsSketches package (this can cause imports from parent directories if present). These are expected for this type of skill but worth noting.
Install Mechanism
There is no formal install spec in the manifest (instruction-only), but SKILL.md suggests installing via pip from a GitHub repository (git+https://github.com/...). GitHub is a well-known host, but pip-installing arbitrary repository code executes network-fetched code on the user's machine; users should review the upstream code before running the installer.
Credentials
No environment variables, credentials, or config paths are required. The helper script only reads the input JSON and writes the output file; it does not access system secrets or external services.
Persistence & Privilege
The skill does not request always:true, does not modify other skills or system-wide agent settings, and contains no self-enabling behavior. It runs only when invoked.
Assessment
This skill appears to do what it says — generate and render mechanics sketches locally. Before installing or running: (1) review the upstream GitHub code if you plan to pip install from git+https://github.com/MatthiasHBusch/MechanicsSketches.git (pip installing from GitHub will fetch and execute code); (2) run it in a virtual environment to avoid contaminating your system Python and to contain PyQt5/matplotlib dependencies; (3) be mindful that the helper script will import the MechanicsSketches package via a relative sys.path insertion (it may pick up similarly named modules in parent directories), and it reads the input JSON and writes the output path you provide — only supply trusted JSON input and output locations; (4) if you need a fully offline setup, mirror/review the repo first, because the setup instruction triggers network access during installation.

Like a lobster shell, security has layers — review code before you run it.
