CADStack - CAD Automation Skill Pack

Do not run the referenced ./setup or otherwise install this skill until you have verified its origin and reviewed the setup script and code. Specific steps to follow before installing: - Verify source: SKILL.md suggests git cloning from GitHub, but no official homepage or canonical repo is provided. Confirm the repository URL and owner identity (the placeholder URL in README is suspicious). - Inspect ./setup: open it in a text editor and confirm it only installs expected Python packages and places files in safe locations. Refuse to run setup if it runs arbitrary shell commands, curl|sh patterns, or downloads/extracts archives from unknown hosts. - Audit code that interacts with the system: review files that import win32com, FreeCAD, or that write to home directories. These will access local CAD applications and files and can be abused to read local data or control COM-enabled applications. - Run in an isolated environment first: if you want to test, run the skill in a VM or disposable container with no access to sensitive files, or use a non-production machine with CAD licenses as needed. - Confirm network behavior: search the code for outbound network calls, hard-coded endpoints, or telemetry. If the skill needs a bridge/add-in (e.g., Fusion 360 bridge), verify how that add-in is installed and whether it opens network ports or external endpoints. - Principle of least privilege: only enable the backends you need (prefer CadQuery or FreeCAD headless) and avoid enabling AutoCAD/SolidWorks COM automation unless necessary. If you cannot perform these checks yourself, treat the skill as untrusted and avoid executing its setup script or invoking it with access to production data or local credentials.