ClawHub

Snapmaker U1

Security checks across malware telemetry and agentic risk

Overview

This Snapmaker skill is mostly coherent, but it exposes under-documented printer commands that can directly affect physical hardware.

Install only if you trust this script and understand Snapmaker/Moonraker control. Configure it only for the intended printer, require explicit user confirmation before pause/resume/cancel, and avoid raw G-code unless you personally verify the command and its physical effect.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
Findings (4)

Description-Behavior Mismatch

Medium
Confidence
95% confidence
Finding
The documented purpose is monitoring printer state and basic print control, but the interface also advertises a raw `gcode <CMD>` mode that can issue arbitrary printer commands. On a 3D printer, unrestricted G-code can change temperatures, move axes, disable safety limits, or alter machine state in ways far beyond pause/resume/cancel, so this is an unjustified and dangerous expansion of capability.

Context-Inappropriate Capability

High
Confidence
98% confidence
Finding
`cmd_gcode()` takes attacker-controlled command text from CLI arguments and forwards it directly to Moonraker's `/printer/gcode/script` endpoint without validation or restriction. This enables arbitrary machine control, including potentially unsafe heating, motion, EEPROM/config changes, or emergency-disruptive commands, which can damage hardware, ruin prints, or create physical safety hazards.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
State-changing commands like pause, resume, and especially cancel can interrupt or destroy an active print job, wasting material and time and potentially affecting attached hardware workflows. Documenting these commands without warnings or confirmation expectations increases the chance of accidental or unsafe invocation by users or downstream agents.

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The skill exposes raw G-code execution with only a generic 'Sending' message and no explicit warning, preview, confirmation, or hazard classification. In this context, lack of safety interlocks materially increases the chance of accidental or socially engineered misuse, because users may trigger dangerous printer actions believing they are routine skill operations.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal