Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Openclaw Cnc Core

v1.2.1

🦞 OpenClaw CNC intelligent quoting system core framework - supports STEP parsing, intelligent quoting, and risk control

0 · 177 · 1 current · 1 all-time

Install

OpenClaw Prompt Flow

Install with OpenClaw

Best for remote or guided setup. Copy the exact prompt, then paste it into OpenClaw for timo2026/openclaw-cnc-core.

Install the skill "Openclaw Cnc Core" (timo2026/openclaw-cnc-core) from ClawHub.
Skill page: https://clawhub.ai/timo2026/openclaw-cnc-core
Keep the work scoped to this skill only.
After install, inspect the skill metadata and help me finish setup.
Use only the metadata you can verify from ClawHub; do not invent missing requirements.
Ask before making any broader environment changes.

Command Line

CLI Commands

Use the direct CLI path if you want to install manually and keep every step visible.

OpenClaw CLI

Bare skill slug

openclaw skills install openclaw-cnc-core

ClawHub CLI

npx clawhub@latest install openclaw-cnc-core

Security Scan

VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)

Purpose & Capability
Name/description (CNC quote engine, STEP parsing, risk control, RAG) align with the included modules (quote_engine, step parser, risk_control, retrievers). The code optionally uses external LLM/vector APIs (APIAdapter) which matches the SKILL.md 'supported LLM platforms'. No unrelated cloud credentials are required by default. However the code expects local data/DBs under ~/.openclaw or /home/admin/.openclaw which is not described in SKILL.md and could access existing local production data.
Instruction Scope
SKILL.md shows example usage only, but the code will read and write files under absolute paths like /home/admin/.openclaw/workspace and ~/.openclaw/workspace/data, initialize SQLite DBs, and save retriever_config.json. quote_engine inserts a user workspace path into sys.path and then imports a 'data_layer' module from that path — this will execute Python code from the user's workspace if present. Those file reads/writes and dynamic imports go beyond the simple examples in SKILL.md and could access or execute user-local files.
Install Mechanism
No install specification is provided (instruction-only skill), and all code is bundled with the skill. No downloads from external URLs or extract/install steps are present in the manifest. A requirements.txt is included (small); running pip install -r requirements.txt is implied but not enforced by the skill manifest.
Credentials
The skill does not declare required environment variables but supports many optional LLM API keys (OPENAI_API_KEY, DASHSCOPE_API_KEY, etc.) via APIAdapter. Requesting API keys for LLM/vector retrieval is proportionate to the listed functionality, but if you provide keys they will be used to make outbound network calls (e.g., embeddings endpoints). There is no unexplained request for unrelated secrets, but supplying keys expands the skill's network access.
Persistence & Privilege
always is false and the skill does not request global agent privileges. However the code creates/initializes local SQLite databases and configuration files under the user's ~/.openclaw or /home/admin/.openclaw workspace paths and may modify retriever_config.json or create review_tasks DB entries — this is local persistence within its own data area (expected for this application) but still writes to the user's home directories.
What to consider before installing
This package appears to implement the described CNC quote functionality, but exercise caution before running it on a machine with sensitive data. Key points:
  1) The code uses absolute workspace paths (e.g. /home/admin/.openclaw and ~/.openclaw). It will read/write SQLite DBs and config files there; if you have existing data in those locations the skill may read or modify it.
  2) quote_engine modifies sys.path to include your workspace and then imports a local module named data_layer. That import will execute Python from that directory if present, which is a potential code-execution vector.
  3) The skill will perform outbound calls to LLM/vector provider endpoints if you supply API keys; only provide keys you trust and prefer least-privileged keys.
Recommended actions:
  • Run the code in an isolated environment (container or VM).
  • Inspect or rename any existing ~/.openclaw or /home/admin/.openclaw files beforehand.
  • Search for and review any data_layer module in your environment.
  • Avoid supplying production API keys until you validate behavior.
  • Consider editing the code to use a controlled workspace path or to remove the sys.path insertion before use.

Like a lobster shell, security has layers — review code before you run it.

latestvk97awxsrpqvf17k96j677tpbt584perk
177 downloads
0 stars
4 versions
Updated 2w ago
v1.2.1
MIT-0

OpenClaw CNC Core

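Intelligent CNC Machining Quote System

Introduction

OpenClaw CNC Core is an intelligent quoting engine for the CNC machining industry. It provides:

  • 📐 STEP/STL drawing parsing
  • 💰 Intelligent quote calculation
  • ⚠️ Risk-control warnings
  • 🔍 Historical case retrieval

Online Demo

🌐 Demo address: http://47.253.101.130/

🔒 Security protection: Nginx rate limiting (20 requests/minute/IP) + security headers + 50 MB upload limit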

Quick Start

from core.quote_engine import OpenClawQuoteEngine

# Initialize the engine
engine = OpenClawQuoteEngine(config_dir="./config/examples")

# Calculate the quote
order = {
    "material": "铝6061",
    "volume_cm3": 100,
    "area_dm2": 20,
    "quantity": 10,
    "surface_treatment": "阳极氧化"
}
result = engine.calculate_quote(order)
print(f"报价: ¥{result.total_price}")

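Supported LLM Platforms

| Platform | Identifier | Requires API Key |
|---|---|---|
| DashScope | dashscope | |
| OpenAI | openai | |
| DeepSeek | deepseek | |
| Zhipu AI | zhipu | |
| Moonshot | moonshot | |
| Ollama (local) | local | |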

Editions

  • Community edition: MIT License, free to use
  • Commercial edition: pre-trained models + industry price database + custom services

Contact


Open-source date: 2026-03-26
Version: v1.2.0
License: MIT
