CADStack - CAD Automation Skill Pack

Security checks across malware telemetry and agentic risk

Overview

This CAD skill is mostly purpose-aligned, but it gives generated scripts and a local Fusion 360 bridge enough authority that users should review it carefully before installing.

Install only if you are comfortable letting the skill generate and run Python CAD scripts and write model files. Prefer trusted prompts and scripts, review generated code before execution, keep outputs in a dedicated project directory, and avoid enabling the Fusion 360 bridge unless you understand that local processes can send it CAD/export commands while it is running.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Rogue Agent: Self-Modification, Session Persistence
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Behavioral AST: exec() Call, eval() Call, Dynamic Import
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
Findings (7)

exec() call detected

High
Category
Dangerous Code Execution
Content
    # Execute script
    console.print(f"\n[cyan]Executing script...[/cyan]")
    try:
        exec(script_content, {"__builtins__": {}}, safe_namespace)
        console.print(f"\n[green]Script executed successfully[/green]")
        console.print(f"Output: {output_path}")
    except CADStackError as e:
Confidence
97% confidence
Finding
exec(script_content, {"__builtins__": {}}, safe_namespace)

Intent-Code Divergence

Medium
Confidence
87% confidence
Finding
The code and comments describe the namespace as restricted/sandboxed, but the script is intentionally given a live backend object and output path that can perform real operations and write files. This mismatch creates a dangerous false sense of safety for operators and developers, increasing the likelihood that untrusted scripts will be executed under unsafe assumptions.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The bridge exposes an unauthenticated local socket API that accepts an arbitrary `filepath` from the client and immediately performs an export to that path. Any local process that can connect to `localhost:8080` can cause Fusion 360 to write files to attacker-chosen locations without user confirmation, enabling unauthorized file creation/overwrite and abuse of the user's CAD session.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
This command is designed to run arbitrary user-provided CAD scripts, yet it does not clearly warn that this is equivalent to executing code and should only be done with trusted input. In the context of a CLI tool that appears to offer validation and 'sandboxing,' the lack of an explicit warning materially increases the chance of unsafe use.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly includes an execution step to generate and run CAD scripts, but it does not require an explicit user confirmation or warn about the risks of executing generated actions. In a CAD environment, script execution can modify models, overwrite files, trigger expensive batch operations, or invoke downstream tooling, so skipping a confirmation gate creates a real safety and integrity risk.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The skill explicitly instructs the agent to generate Python scripts, execute them via Bash, and write output files, but it does not require clear user consent or a prominent warning before code execution and filesystem changes. Because the script content is derived from natural-language input, this expands the attack surface to code-generation abuse, unsafe file writes, or unintended execution if validation is incomplete.

Session Persistence

Medium
Category
Rogue Agent
Content
   - Transformations (move, rotate)
   - Export format (STEP, STL, OBJ)

2. **Generate Script**: Create platform-specific Python script using the backend API

3. **Safety Review**: Check for dangerous patterns (built-in /cad-review behavior)
Confidence
81% confidence
Finding
Create platform-specific Python script using the backend API 3. **Safety Review**: Check for dangerous patterns (built-in /cad-review behavior) 4. **Execute**: Run script via cad_executor.py 5. **V

VirusTotal

VirusTotal findings are pending for this skill version.
