CAD Editor
Pass
Audited by ClawScan on May 10, 2026.
Overview
The CAD skill appears purpose-aligned and shows no exfiltration or persistence, but it uses local generated Python execution and unpinned dependencies that users should run in a controlled environment.
This skill appears reasonable for generating CAD files. Before installing, use a Python virtual environment, keep generated outputs in a dedicated folder, and be aware that the workflow executes generated Python locally. No credentials are required based on the provided artifacts.
Findings (2)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
A faulty or unexpectedly generated script could affect local files or the Python environment, even though the provided artifacts show intended CAD output behavior.
The skill's disclosed workflow executes generated Python to create CAD output. This is central to the stated purpose, but it runs with the local Python process's permissions rather than an explicit sandbox.
script_code = gen.generate(intent, params) ... exec(script_code)
Run the skill in a project workspace or virtual environment, keep output paths explicit, and review generated scripts if they contain unusual imports, file operations, shell calls, or network access.
Different package versions may change behavior or introduce dependency risk in the user's Python environment.
The skill asks users to install required CAD/rendering dependencies without pinning versions. The packages are purpose-aligned, but unpinned installs can change over time.
Install command: `pip install ezdxf matplotlib numpy`
Install dependencies in a virtual environment and pin known-good versions if the skill will be used for repeatable or production workflows.
