Back to skill
Skillv1.0.0
VirusTotal security
Cad Agent 1.0.0 · External malware reputation and Code Insight signals for this exact artifact hash.
Scanner verdict
SuspiciousApr 14, 2026, 1:01 AM
- Hash
- 7484a96fb76159f0e26e41937c9a6f5a0d08eac31ade7465870ca63e064cd3ce
- Source
- palm
- Verdict
- suspicious
- Code Insight
- Type: OpenClaw Skill Name: cad-agent-1-0-0 Version: 1.0.0 The skill bundle describes a CAD rendering server that facilitates Remote Code Execution (RCE) by design, instructing the agent to send and execute arbitrary Python code (build123d) within a Docker container. While this behavior is aligned with the stated purpose of 3D modeling, the requirement to clone a remote repository (github.com/clawd-maf/cad-agent) and run a container that executes code strings via HTTP POST requests (/model/create) constitutes a high-risk capability. No explicit evidence of malicious intent, such as data exfiltration or backdoors, was found in SKILL.md or _meta.json.
- External report
- View on VirusTotal