cad-viewer

Warn

Audited by Gen Agent Trust Hub on Jun 23, 2026

Risk Level: MEDIUM
REMOTE_CODE_EXECUTION, COMMAND_EXECUTION, EXTERNAL_DOWNLOADS
Full Analysis
  • [REMOTE_CODE_EXECUTION]: The skill dynamically loads and executes source code from the local workspace to generate CAD model specifications and render complex model definitions.
      • scripts/viewer/packages/cadpy/src/cadpy/assembly_spec.py uses importlib.util.module_from_spec and loader.exec_module to load and run Python generator scripts found in the model directory.
      • scripts/viewer/packages/implicitjs/src/lib/implicitCad/loader.js uses dynamic import() to load JavaScript modules defining implicit CAD models.
      • scripts/viewer/packages/cadjs/src/common/stepModule.js uses dynamic import() to load parameter and logic definitions for STEP models at runtime.
  • [COMMAND_EXECUTION]: The skill executes shell commands and manages subprocesses to configure its environment and run background simulation utilities.
      • scripts/viewer/moveit2_server/setup.sh and scripts/viewer/moveit2_server/run-moveit2-server.sh execute conda environment updates and package installations.
      • scripts/viewer/moveit2_server/moveit2_server/moveit_py.py spawns a Python subprocess using subprocess.Popen to execute an internal joint state seeding utility.
  • [EXTERNAL_DOWNLOADS]: The skill utilizes a browser-based rendering engine that relies on external dependencies for full functionality.
      • scripts/viewer/packages/implicitjs/package.json includes playwright@^1.52.0, which typically downloads and executes browser binaries (such as Chromium) on the local system during installation or first run.
Audit Metadata
Risk Level: MEDIUM
Analyzed: Jun 23, 2026, 07:03 AM