Back to skill

Security audit

Dxf

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent DXF generator, but users should understand that its DXF inputs are executable Python generator files.

Install this only if you are comfortable with a CAD/DXF workflow that runs Python generator files. Use it on generator sources you or a trusted collaborator created, review unexpected gen_dxf()/gen_step() files before running them, and prefer pinned dependency versions if you need reproducible or higher-assurance installs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
93% confidence
Finding
The skill instructs the agent to read and write workspace files and invoke Python-based tooling, but it does not declare permissions or bounds for those capabilities. That mismatch weakens policy enforcement and user awareness, making it easier for the skill to access or modify files unexpectedly during DXF generation and validation workflows.

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The skill is presented as a DXF-only helper, but its instructions authorize broader CAD workflows including STEP generation, topology analysis, imports, exports, and use of other tools. This description-behavior mismatch can cause an agent or reviewer to grant trust or permissions appropriate for a narrow 2D export tool while the skill actually drives a much wider set of file-processing and artifact-generation actions.

Description-Behavior Mismatch

High
Confidence
99% confidence
Finding
This code dynamically loads and executes arbitrary Python from an assembly_path via importlib and then calls gen_step(), which gives the loaded file full code-execution privileges in the current process. In a skill advertised for DXF generation/validation, this substantially increases attack surface: a malicious assembly spec can run OS commands, read files, alter imports, or tamper with the environment before any validation occurs.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
The code dynamically imports a Python file from a user-supplied or discovered path and executes it via module_spec.loader.exec_module(), then invokes gen_dxf()/gen_step(). In this skill context, that means using the DXF feature can directly run arbitrary Python code with the privileges of the process, making malicious generator files a straightforward code-execution vector.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The file executes dynamically imported assembly generator code without any warning, consent gate, or visible disclosure at the point of use. That omission increases the likelihood that operators treat assembly files as passive data when they are actually executable code, making social-engineering and supply-chain attacks more effective.

Missing User Warnings

Medium
Confidence
89% confidence
Finding
The implementation silently executes generator Python modules without an explicit user-facing disclosure that selecting a target will run code. In a tooling skill presented as DXF/CAD generation, users may reasonably expect file transformation rather than arbitrary Python execution, increasing the risk of unsafe trust decisions and social-engineering abuse.

Missing User Warnings

Medium
Confidence
84% confidence
Finding
The cleanup routine unlinks and recursively deletes artifact paths derived from step_path without an explicit safety boundary check beyond prior path construction assumptions. If an attacker can influence artifact locations through metadata or path selection, existing directories could be deleted, causing destructive filesystem side effects during generation.

Unpinned Dependencies

Low
Category
Supply Chain
Content
--editable ./scripts/packages/cadpy
ezdxf
Confidence
90% confidence
Finding
ezdxf

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

Detected: suspicious.dynamic_code_execution

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/packages/cadpy/src/cadpy/assembly_spec.py:243

Dynamic code execution detected.

Critical
Code
suspicious.dynamic_code_execution
Location
scripts/packages/cadpy/src/cadpy/generation.py:738