Security audit

Blender 3d Modeling

Security checks across malware telemetry and agentic risk

Overview

This skill appears to do what it says: use AgentPMT's cloud Blender service for 3D rendering, conversion, printing checks, and optional custom Blender scripts, with no evidence of hidden malicious behavior.

Install this only if you are comfortable sending 3D model files to AgentPMT's remote service. Avoid putting secrets in models, prompts, scripts, or logs, and use `run_script` only with scripts you wrote or reviewed, because it executes custom Blender Python on the remote service and can upload any files written to OUTPUT_DIR.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • System Prompt Leakage: Direct Leakage, Indirect Extraction, Tool-Based Exfiltration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (5)

Description-Behavior Mismatch

Severity: High
Confidence: 97%
Finding
The schema exposes a `run_script` action that allows arbitrary Blender Python execution, while the skill metadata presents the product as a bounded modeling/rendering/conversion tool. That mismatch increases the chance that downstream agents or users invoke a far more powerful capability than intended, enabling arbitrary code-like behavior inside the Blender execution environment and access to provided paths such as MODEL_PATH and OUTPUT_DIR.

Context-Inappropriate Capability

Severity: High
Confidence: 96%
Finding
Arbitrary Blender Python scripting is substantially more dangerous than the skill's stated modeling, rendering, conversion, and printability functions. Even if intended for flexibility, it creates a generic code-execution primitive within the tool environment that can be abused for unintended actions, data access, or resource exhaustion.

Missing User Warnings

Severity: Medium
Confidence: 87%
Finding
The skill exposes a `run_script` action that executes arbitrary Blender Python remotely, but the warning language is minimal and focuses more on task scoping than on the security implications of executing untrusted user code. Even if the service is intended to sandbox execution, arbitrary script execution against user-supplied models and cloud resources materially increases risk of abuse, denial of service, unexpected network/file access, or sandbox escape if isolation is imperfect.

Missing User Warnings

Severity: High
Confidence: 95%
Finding
Describing custom script execution without a prominent safety warning materially increases the risk of unsafe agent use. Agents may treat it as a routine media-processing action when it is actually arbitrary code execution inside Blender, which can have broader system and data effects than normal rendering operations.

Direct Prompt Extraction

Severity: High
Category: System Prompt Leakage
Confidence: 85%
Finding
Output Rules
Content
- `voxel_remesh` rejects requests whose grid cell count exceeds **5,000,000** with `error_code: "BLENDER_VOXEL_GRID_TOO_LARGE"`. The error message includes the minimum-safe `voxel_size`. For a 150 mm bbox the minimum-safe value is ≈ 0.31 mm; smaller voxels make the grid blow up cubically.
- `run_script` rejects payloads larger than **64 KiB** with `error_code: "BLENDER_RUN_SCRIPT_TOO_LARGE"`. Reach for `convert_format` or `render_views` if the script is just orchestrating a few API calls.

#### Input And Output Rules

Supported model inputs for standard render/convert actions are BLEND, GLB, GLTF, FBX, OBJ, STL, DAE, and PLY.

VirusTotal

63/63 vendors flagged this skill as clean.