Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Cad Agent 1.0.0


Run build123d CAD code inside a container to create, render, and iteratively modify 3D models via HTTP with returned rendered images for visual feedback.

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Suspicious
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
Name/description (CAD rendering server for build123d) align with the runtime instructions: the SKILL.md tells you to build a Docker image and run an HTTP service that accepts build123d code and returns renders.
! Instruction Scope
The service endpoints accept and execute arbitrary build123d Python code (POST /model/create and /model/modify). That is necessary for the stated purpose, but it means untrusted code will run inside the container. SKILL.md does not provide the server implementation or security guarantees (e.g., sandboxing, no-network, non-root user), so you cannot verify that the container prevents host compromise, network exfiltration, or file access.
Install Mechanism
There is no formal install spec in the skill bundle (instruction-only). The instructions direct you to clone and docker-build a GitHub repository (https://github.com/clawd-maf/cad-agent). Because the actual server code / Dockerfile are not included in the skill bundle here, you must inspect that external repository before building/running it.
Credentials
The skill requests no environment variables, credentials, or config paths — which is proportionate. However, lack of declared credentials doesn't remove risk: the running container could still access host resources or external networks depending on how you run it.
Persistence & Privilege
The skill isn't marked always:true and doesn't request persistent platform privileges. It does instruct creating and running a container bound to host port 8123, which is normal for a local service but could expose the server if misconfigured.
Scan Findings in Context
[no_scan_findings (instruction-only bundle)] expected: The static scanner had no code to analyze because this is an instruction-only skill. That makes auditing the run-time server implementation necessary before trusting it.
What to consider before installing
Before installing/running this skill, review the GitHub repository and Dockerfile it asks you to build. Confirm the server implementation: does it execute received Python code directly? Does the container drop privileges, disable or restrict network access, and avoid mounting sensitive host paths? Run the image in an isolated VM or sandbox, avoid binding to public interfaces, and do not run it as root or with host networking unless you understand the risks. If you cannot inspect the repo or Dockerfile, treat the service as untrusted: run it in disposable infrastructure only and do not provide any secrets or mount sensitive volumes.

Like a lobster shell, security has layers — review code before you run it.
