freeCAD Scripts

Security checks across malware telemetry and agentic risk

Overview

This is a FreeCAD scripting reference skill with expected macro and workbench examples, but users should review any generated macro before running it.

Install this as a FreeCAD scripting reference, not as a source of macros to run blindly. Review generated Python before execution, only run macros and workbenches from trusted sources, and be cautious with examples that write files, export models, install workbenches, or run at FreeCAD startup.

SkillSpector

By NVIDIA

Vulnerability Patterns

Behavioral ASTexec() Call, eval() Call, Dynamic Import
Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code

Findings (1)

Missing User Warnings

Medium

Confidence: 96% confidence
Finding: The document explicitly recommends executing a Python macro from an arbitrary filesystem path using exec(open(...).read()), which runs untrusted local code with the privileges of the FreeCAD process. In a scripting skill, this is especially dangerous because users may copy this pattern into workflows that execute downloaded, generated, or substituted files without validation.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal