Back to skill

Security audit

3d Print Model Splitting

Security checks across malware telemetry and agentic risk

Overview

The skill appears to support a legitimate Blender/STL assembly-checking workflow, but one script may delete the current Blender scene before running.

Review the Blender script before installing or running it. Only run it on a disposable/new Blender scene or after saving a backup of any open .blend file. The safer design would create a temporary scene or collection and delete only objects imported by the script.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script unconditionally selects and deletes all objects in the currently opened Blender scene before importing the STL files. If run against an existing .blend or in the wrong context, this can destroy user work and saved scene state without warning, which is a real destructive safety issue even if not a traditional security exploit.

VirusTotal

56/56 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.