Skills grasshopper-workflow
📦

grasshopper-workflow

Medium Risk ⚡ Contains scripts🌐 Network access📁 Filesystem access

Automate Grasshopper Modeling Workflows

Grasshopper workflows often require many repeated component, connection, and parameter steps. This skill provides scripts and guidance to turn MMD plans into executable Grasshopper MCP workflows.

Supports: Claude Codex Code(CC)
⚠️ 50 Poor
1

Download the skill ZIP

2

Upload in Claude

Go to Settings → Capabilities → Skills → Upload skill

3

Toggle on and start using

Test it

Using "grasshopper-workflow". A user asks how to turn an MMD component map into a Grasshopper definition.

Expected outcome:

A step-by-step workflow covering MMD parsing, placement plan generation, component creation, connection execution, slider setup, and grouping.

Using "grasshopper-workflow". A user reports missing component IDs during connection execution.

Expected outcome:

A troubleshooting checklist that checks component creation results, saved ID maps, connection source and target names, and Grasshopper MCP responses.

Using "grasshopper-workflow". A user wants to run the CLI safely on a project file.

Expected outcome:

A cautious execution plan that confirms the MCP server, backs up outputs, reviews generated commands, and uses project-local paths.

Security Audit

Medium Risk
v6 • 6/28/2026

AI review did not confirm the static scanner high-risk malware indicators. Most external command, weak crypto, C2, reconnaissance, and entropy hits are false positives caused by Markdown examples, Grasshopper command names, and UUID-like component GUIDs. The remaining risk is medium because the skill includes Python scripts that read and write local files and send user-provided modeling commands to a local Grasshopper MCP socket.

16
Files scanned
4,253
Lines analyzed
9
findings
6
Total audits
Medium Risk Issues (3)
Local Grasshopper Command Channel
The client opens a TCP socket to the configured Grasshopper MCP server and sends serialized command objects. This is expected for the skill, but untrusted placement data can create, connect, delete, or modify Grasshopper document components through that local service.
User-Controlled Local File Writes
Several CLI commands write JSON output to paths provided by the user, and utility functions update placement or component map files. This can overwrite local files if a user supplies an unsafe path.
Dynamic Local Import Fallback
The CLI modifies sys.path and can load a local __init__.py with importlib when normal imports fail. This supports direct script execution, but it can execute code from the local skill directory if that directory is modified.
Low Risk Issues (3)
Static External Command Findings Dismissed
The reported Ruby or shell backtick detections are Markdown inline code, fenced examples, and CLI documentation. No subprocess, os.system, shell popen, or equivalent command execution was found in the executable scripts reviewed.
Weak Cryptography Findings Dismissed
The weak cryptography detections are UUID-like Grasshopper component GUIDs and GUID mapping values, not cryptographic functions or hashing algorithms.
C2 and Reconnaissance Findings Dismissed
The C2 keyword matches come from Grasshopper command names such as connect_components, and reconnaissance matches come from component queries and document error checks. No evidence found of system inventory, persistence, or command-and-control behavior.

Detected Patterns

Socket-Based Command DispatchLocal JSON File MutationImport Path Expansion
Audited by: codex View Audit History →

Quality Score

68
Architecture
100
Maintainability
87
Content
70
Community
44
Security
83
Spec Compliance

What You Can Build

Generate Parametric Layouts

Convert MMD component plans into structured placement steps for a Grasshopper definition.

Automate Repetitive Grasshopper Setup

Create components, connect nodes, set sliders, and group related model sections with less manual work.

Review MCP Modeling Workflows

Inspect generated placement plans before executing them against a local Grasshopper session.

Try These Prompts

Explain The Workflow
Explain how this Grasshopper workflow skill turns component_info.mmd into a Grasshopper definition. Keep the steps concise.
Create A Placement Plan
Use the skill references to plan how I should generate placement_info.json from my component_info.mmd file.
Debug Failed Connections
Review my Grasshopper workflow failure and identify likely causes in component IDs, parameter names, or connection order.
Audit A Full Automation Run
Evaluate this placement workflow before execution. Check component creation, connection dependencies, slider ranges, grouping, and local file risks.

Best Practices

  • Review generated placement plans before executing them in Grasshopper.
  • Use project-local input and output paths to avoid overwriting unrelated files.
  • Run the MCP server only for trusted local Grasshopper sessions.

Avoid

  • Do not execute placement files from untrusted sources without review.
  • Do not point output arguments at important existing files.
  • Do not assume every Grasshopper component name has a supported GUID mapping.

Frequently Asked Questions

What does this skill automate?
It helps parse MMD files, generate placement plans, and drive Grasshopper component workflows through local Python scripts.
Does it require Rhino or Grasshopper?
Yes. Execution requires a local Grasshopper MCP server connected to a Grasshopper session.
Can it create components automatically?
Yes. The scripts can send add_component commands with GUIDs and canvas positions to the MCP server.
Can it change local files?
Yes. It can write placement plans, parsed outputs, error reports, and component ID maps.
Are the static high-risk alerts confirmed?
No. The reviewed high-risk alerts are mostly false positives from GUIDs, Markdown examples, and Grasshopper command names.
What should users review before running it?
Users should review generated placement commands, output paths, component GUIDs, and the target MCP server.