Ai 3d Generator
Pass
Audited by VirusTotal on May 12, 2026.
Overview
Type: OpenClaw Skill
Name: ai-3d-generator
Version: 1.0.0
The skill is classified as suspicious due to two critical vulnerabilities. Firstly, the SKILL.md instructions describe an architecture where an AI agent generates and executes Python code based on user input (via `{{USER_DESCRIPTION}}`), creating a severe Remote Code Execution (RCE) vulnerability through prompt injection against the LLM. Secondly, the `scripts/generate-from-prompt.sh` script, which simulates this process, directly injects user-controlled input (`$OUTPUT_NAME`) into a filename via `sed`, allowing for path traversal (`../`) to write files outside the intended `/home/celluloid/.openclaw/workspace/stl-exports` directory.
Findings (0)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A malformed or adversarial prompt/output name could break the generated script or cause unexpected Python code to run on the user's machine.
The script creates a Python file, substitutes user-controlled values into it, and immediately executes it. This is local code execution without a sandbox or review gate.
cat > "$TEMP_SCRIPT" << 'PYTHON_SCRIPT'
...
sed -i "s|{{OUTPUT_NAME}}|$OUTPUT_NAME|g" "$TEMP_SCRIPT"
...
python3 "$TEMP_SCRIPT"
Do not execute generated scripts automatically. Generate to a file first, show it to the user, restrict allowed imports/operations, sanitize substitutions, and run only in a sandboxed environment.
The skill may write outside the intended STL export directory or alter the generated Python source if given unsafe output names.
The output name argument is inserted into Python source code and then used as the export filename without validation. Quotes, path separators, or absolute paths are not constrained.
OUTPUT_NAME="${2:-generated_model}"
...
sed -i "s|{{OUTPUT_NAME}}|$OUTPUT_NAME|g" "$TEMP_SCRIPT"
...
save_mesh(mesh, "{{OUTPUT_NAME}}.stl")
Accept only simple safe filenames, reject absolute paths and '..', escape values before inserting them into code, and keep exports confined to the intended directory.
The skill may fail or use whatever packages are present in that local environment, rather than a declared, reproducible setup.
The registry says there is no install spec or required binaries, but the script depends on a specific local virtual environment and Python packages.
source /home/celluloid/.openclaw/workspace/venvs/cad/bin/activate
Declare and pin Python dependencies, document setup clearly, and avoid hard-coded user-specific virtualenv paths.
If configured, the skill could keep generating files or consuming model/compute resources on a schedule.
SKILL.md documents an optional recurring daily generation job. It is shown as an example rather than installed automatically, but it would create ongoing autonomous activity if enabled.
"name": "3d:generate-daily", "schedule": {"kind": "cron", "expr": "0 9 * * *"}
Enable recurring jobs only intentionally, set storage and cost limits, and provide an easy way to disable the schedule.
