Skill v1.1.2

ClawScan security

Build123d Cad · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 22, 2026, 11:12 PM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill does what it says — runs user-supplied build123d Python snippets in a sandboxed subprocess to generate/measure/export CAD artifacts — and its code, required binaries, and instructions are coherent with that purpose.
Guidance
This skill appears coherent and implements a sandbox to run user-provided build123d scripts. Before installing, consider: (1) you will need to create a Python venv and pip-install build123d (outbound network access to PyPI); (2) the sandbox uses regex-based static checks to block dangerous imports/patterns — helpful but not a formal proof against creative escapes, so avoid running it in an environment containing sensitive credentials or production venvs; (3) the helper will inherit VIRTUAL_ENV if your agent is running inside a venv, so create and activate a dedicated venv for this skill to ensure the subprocess runs with the intended packages; (4) exported artifacts are written to your workspace (~/.openclaw/workspace/cad-output by default), so check that path if you want to restrict where files are created. If you need stronger guarantees, review/modify the validate_script rules or run the scripts in an isolated environment (container/VM) before enabling for autonomous use.

Review Dimensions

Purpose & Capability
ok: Name/description (parametric CAD via build123d) matches the actual code and runtime behavior: the scripts generate STEP/STL/SVG, measure geometry, create sections, and validate assemblies. The only declared binary is python3, which is appropriate. No unrelated credentials, config paths, or extraneous binaries are requested.
Instruction Scope
note: SKILL.md instructs creating a virtualenv and installing build123d (expected). Runtime instructions and script APIs are narrowly scoped to CAD tasks. The runtime inserts user code into sandboxed Python scripts and runs them; the helper enforces a static whitelist/blacklist on the user-submitted code. Note: the sandboxing is implemented via static regex checks and import whitelisting on the user code slice — this limits many risky operations, but static checks are not a perfect guarantee against creative escapes.
Install Mechanism
note: There is no automated install spec (instruction-only). SKILL.md asks the user to create a venv and pip install build123d — a normal, low-risk approach but it does require outbound network access to PyPI (or other configured pip sources). No downloads from untrusted URLs or archive extraction are present in the skill bundle itself.
Credentials
ok: The skill requires no credentials or config paths. The helper runtime purposely constructs a small clean environment for subprocesses (PATH, HOME set to tmpdir, TMPDIR, PYTHONDONTWRITEBYTECODE, and explicit _RESULT_PATH/_WORKSPACE). One subtlety: if the parent process has VIRTUAL_ENV set, run_sandboxed propagates VIRTUAL_ENV and prefixes PATH with that venv — this is practical for ensuring the venv's Python is used but means the subprocess will run with whatever packages are available in that venv; ensure the venv used is the intended one.
Persistence & Privilege
ok: The skill is not always-enabled and does not request persistent system-wide privileges. It writes output artifacts to a workspace directory (~/.openclaw/workspace/cad-output by default) and manages its own temp files. It does not modify other skills or global agent config.