Back to skill
Skillv1.1.2
VirusTotal security
Build123d Cad · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousMar 22, 2026, 11:46 PM
- Hash
- 58409042e419bfbb8c59c7e6e2264cebab896c5187ef389f0beb152acc2cf94b
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: build123d-cad Version: 1.1.2 The skill provides a suite of tools for 3D CAD generation by executing user-provided Python scripts via a subprocess. While it attempts to implement a sandbox in `helpers.py` using a whitelist of allowed imports and a regex-based blacklist of dangerous patterns (e.g., `os.system`, `eval`, `subprocess`, `socket`), this approach is inherently vulnerable to bypasses through string obfuscation or attribute access. Although the behavior is aligned with the stated purpose and includes defensive tests in `tests/test_scripts.py`, the core functionality relies on a high-risk execution model that could be exploited for remote code execution (RCE) if the sandbox is circumvented.
- External report
- View on VirusTotal