PrusaLink

Security checks across malware telemetry and agentic risk

Overview

This is a transparent PrusaLink printer-control wrapper with a real but disclosed HTTP transport caveat.

Install only if you are comfortable letting the agent control the configured printer. Set PRUSALINK_HOST to a trusted local printer, prefer HTTPS if your printer supports it, and use --password-file or a secret store instead of putting credentials directly in commands.

SkillSpector

By NVIDIA

Vulnerability Patterns

Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep

Findings (1)

Missing User Warnings

Medium

Confidence: 95% confidence
Finding: The script defaults to plain HTTP while supporting Digest auth and API keys, so credentials and session-related requests may be exposed to interception or manipulation on the local network. In this skill context, the tool is specifically meant to control a printer over the network, which makes insecure-by-default transport more dangerous because it normalizes transmitting authentication material and control actions without TLS.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal