Skill v1.0.0

ClawScan security

Cad Agent 1.0.0 · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Suspicious · Apr 14, 2026, 12:59 AM
Verdict
suspicious
Confidence
medium
Model
gpt-5-mini
Summary
The skill's stated purpose (run build123d in a container and return renders) matches its instructions, but it relies on running arbitrary Python modeling code sent over HTTP to a container built from an external GitHub repo that you cannot inspect here — that combination is risky and requires review before use.
Guidance
Before installing/running this skill, review the GitHub repository and Dockerfile it asks you to build. Confirm the server implementation: does it execute received Python code directly? Does the container drop privileges, disable or restrict network access, and avoid mounting sensitive host paths? Run the image in an isolated VM or sandbox, avoid binding to public interfaces, and do not run it as root or with host networking unless you understand the risks. If you cannot inspect the repo or Dockerfile, treat the service as untrusted: run it in disposable infrastructure only and do not provide any secrets or mount sensitive volumes.
Findings
[no_scan_findings (instruction-only bundle)] expected: The static scanner had no code to analyze because this is an instruction-only skill. That makes auditing the run-time server implementation necessary before trusting it.

Review Dimensions

Purpose & Capability
ok: Name/description (CAD rendering server for build123d) align with the runtime instructions: the SKILL.md tells you to build a Docker image and run an HTTP service that accepts build123d code and returns renders.
Instruction Scope
concern: The service endpoints accept and execute arbitrary build123d Python code (POST /model/create and /model/modify). That is necessary for the stated purpose, but it means untrusted code will run inside the container. SKILL.md does not provide the server implementation or security guarantees (e.g., sandboxing, no-network, non-root user), so you cannot verify that the container prevents host compromise, network exfiltration, or file access.
Install Mechanism
note: There is no formal install spec in the skill bundle (instruction-only). The instructions direct you to clone and docker-build a GitHub repository (https://github.com/clawd-maf/cad-agent). Because the actual server code / Dockerfile are not included in the skill bundle here, you must inspect that external repository before building/running it.
Credentials
ok: The skill requests no environment variables, credentials, or config paths — which is proportionate. However, lack of declared credentials doesn't remove risk: the running container could still access host resources or external networks depending on how you run it.
Persistence & Privilege
ok: The skill isn't marked always:true and doesn't request persistent platform privileges. It does instruct creating and running a container bound to host port 8123, which is normal for a local service but could expose the server if misconfigured.