Trust Assessment
cad-agent received a trust score of 60/100, placing it in the Caution category. This skill has some security considerations that users should review before deployment.
SkillShield's automated analysis identified 3 findings: 1 critical, 0 high, 2 medium, and 0 low severity. Key findings include Missing required field: name, Arbitrary Python Code Execution via build123d code, Reliance on Unaudited Third-Party Repository.
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The LLM Behavioral Safety layer scored lowest at 63/100, indicating areas for improvement.
Last analyzed on February 12, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings3
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Arbitrary Python Code Execution via build123d code The skill allows the AI agent to send arbitrary Python code as part of the `build123d` modeling commands (e.g., `POST /model/create`, `POST /model/modify`). This code is explicitly stated to be 'executed' within the `cad-agent` Docker container. If the container is not sufficiently sandboxed or isolated, this could lead to command injection, data exfiltration from the container, or other malicious activities within the container's environment. The `SKILL.md` demonstrates sending Python code snippets directly for execution. The `cad-agent` container must implement robust sandboxing for the execution of `build123d` code. This could involve: 1. Running the code in a highly restricted environment (e.g., a separate, unprivileged process, a dedicated sandbox library like `restrictedpython` or `pysandbox`). 2. Limiting available modules and functions. 3. Restricting network access and file system access from the executed code. 4. Considering a whitelist approach for allowed `build123d` functions rather than arbitrary code execution. The `SKILL.md` should also clearly state the security implications and the sandboxing measures in place. | LLM | SKILL.md:59 | |
| MEDIUM | Missing required field: name The 'name' field is required for claude_code skills but is missing from frontmatter. Add a 'name' field to the SKILL.md frontmatter. | Static | skills/clawd-maf/cad-agent/SKILL.md:1 | |
| MEDIUM | Reliance on Unaudited Third-Party Repository The skill instructs users to clone and build a Docker image from `https://github.com/clawd-maf/cad-agent.git`. This repository is external to the `openclaw/skills` ecosystem and its contents (Dockerfile, application code, dependencies) are not directly audited as part of this skill package. This introduces a supply chain risk, as vulnerabilities or malicious code within `clawd-maf/cad-agent` could compromise the user's system or the `cad-agent` container. For critical skills, consider mirroring the external repository or performing a thorough security audit of its contents. Provide a hash or checksum for the expected `cad-agent` repository state (e.g., a specific commit hash) to ensure integrity. Document the security posture and any known vulnerabilities of the `cad-agent` project. If possible, integrate the `cad-agent` source directly into the skill package or a trusted repository. | LLM | SKILL.md:38 |
Scan History
Embed Code
[](https://skillshield.io/report/06b97597faf3927f)
Powered by SkillShield