EasyEDA API Skill

Suspicious

Audited by ClawScan on May 10, 2026.

Overview

The skill appears purpose-built for EasyEDA, but it gives the agent broad live control of your EasyEDA client and projects through a local code-execution bridge.

Install this only if you intentionally want an AI agent to control EasyEDA. Back up important projects, verify the companion EasyEDA extension, confirm the selected EDA window, require approval before edits or destructive actions, keep the bridge local, and stop the background server when done.

Findings (5)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

An agent using this bridge could inspect or change the active EasyEDA project, schematic, PCB, libraries, or other client state if it sends mutating code.

Why it was flagged

The skill exposes a generic code execution endpoint into the running EasyEDA client. This is central to the skill, but it is broad authority and the shown instructions do not define approval, read-only defaults, or operation-level limits.

Skill content
curl -X POST http://localhost:${BRIDGE_PORT:-49620}/execute ... -d '{"code": "return await eda.dmt_Project.getCurrentProjectInfo();"}'
Recommendation

Use only with trusted agents and projects, keep backups, require explicit confirmation before edits/deletes/publishing, and prefer scoped helper commands over arbitrary code execution where possible.

What this means

The agent may act with your EasyEDA permissions in the selected window, even though the skill does not request separate credentials.

Why it was flagged

The bridge operates inside the user's active EasyEDA client, so actions inherit whatever project, library, workspace, or account permissions that client has.

Skill content
Execute code in the running EasyEDA Pro client ... including PCB design, schematic editing, footprint/symbol management, and project operations.
Recommendation

Confirm the active EasyEDA window and account before use, and avoid running the bridge while sensitive or unrelated projects are open.

What this means

Installing the companion extension expands the trusted code involved in controlling EasyEDA.

Why it was flagged

The documented workflow depends on an external EasyEDA extension in addition to the local skill files. This is purpose-aligned, but users must trust that extension source.

Skill content
Install the `run-api-gateway.eext` extension in EasyEDA Pro. Download link: https://ext.lceda.cn/item/oshwhub/run-api-gateway
Recommendation

Install the extension only from the official/expected publisher, verify the version, and remove or disable it when not needed.

What this means

Code and results may pass through the bridge, and incorrect or unintended local connections could matter if the bridge is reachable beyond the intended agent/client pair.

Why it was flagged

The bridge uses local HTTP/WebSocket discovery and a service-name handshake to connect the agent and EasyEDA client. The shown documentation does not describe stronger authentication or per-session authorization.

Skill content
Both AI and EDA clients auto-discover the server by scanning the port range and verifying a handshake (`service: "easyeda-bridge"`).
Recommendation

Ensure the bridge binds only to localhost, add or verify a per-session token if available, and stop the bridge after the EasyEDA session.

Note (High Confidence)
ASI10: Rogue Agents
What this means

The local bridge may keep running and remain able to accept EasyEDA automation requests until stopped.

Why it was flagged

The skill explicitly starts a long-running background bridge process. This is disclosed and fits the purpose, but it can remain available after the immediate task.

Skill content
The bridge server must run in the background ... node ${CLAUDE_SKILL_DIR}/scripts/bridge-server.mjs &
Recommendation

Stop the Node bridge process when finished, especially before opening unrelated EasyEDA projects.