Bambu Lab 3D Printer

Review

Audited by ClawScan on May 10, 2026.

Overview

The skill is coherently about local Bambu printer control, but it can physically operate the printer and relies on an external CLI plus a stored LAN access code.

Install only after verifying the external @versatly/bambu CLI, keep the LAN access code private, and require clear confirmation before the agent heats, moves, prints, deletes printer files, calibrates, or sends raw G-code.

Findings (3)

Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.

What this means

If the agent runs the wrong control command, it could heat the nozzle, move printer parts, start or stop a print, delete printer files, or send unsafe G-code.

Why it was flagged

The skill openly documents commands that heat, move, print, stop, and send raw G-code to a physical device. This is aligned with the printer-control purpose, but misuse could damage prints or hardware, or create a safety risk.

Skill content

`bambu print`, `bambu stop`, `bambu heat`, `bambu move`, `bambu gcode` **control the printer physically**. The nozzle is 200°C+. Use judgment.

Recommendation

Use read-only commands freely, but require explicit confirmation for physical actions; verify the printer is safe and the file/temperature/G-code is intended before allowing execution.

What this means

Anyone or any process that can read the stored config may be able to connect to and control the printer on the local network.

Why it was flagged

The skill requires a LAN access code and stores connection configuration locally. This is expected for LAN printer control, but it is still a credential-like secret for operating the printer.

Skill content

Need: IP address, serial number, LAN access code ... Config stored at `~/.bambu/config.json`.

Recommendation

Protect the config file, use this only on trusted machines/networks, and rotate or regenerate the LAN access code if you suspect it was exposed.

What this means

The static scan did not analyze the external npm package, and a global npm install can run code with the installing user's permissions.

Why it was flagged

The reviewed artifact is instruction-only and depends on an external globally installed npm CLI that is not included in the provided files for inspection.

Skill content

CLI: `@versatly/bambu` installed globally (`npm i -g @versatly/bambu`)

Recommendation

Verify the npm package publisher and source, consider pinning a known version, and install it only if you trust that package.