Bambu Printer

Security checks across malware telemetry and agentic risk

Overview

This printer-control skill is purpose-aligned, but it publicly includes a real printer access code and can delete files from the printer without clear safeguards.

Review before installing. Rotate the printer access code if this package has been public, remove real IP/serial/access-code values, store credentials outside the skill, and add explicit confirmation before any delete operation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (6)

Description-Behavior Mismatch

Medium (91% confidence)
Finding
The skill description omits that it can delete remote printer files, which is a destructive capability. Users relying on the short description may authorize or invoke the skill without understanding that stored print jobs or media can be permanently removed.

Context-Inappropriate Capability

Medium (93% confidence)
Finding
The configuration embeds a note that the skill performs printer operations through external system-signed tools such as curl, perl, and ruby to bypass direct runtime limitations. In a skill that also contains a local IP address and printer access credentials, this expands execution capability beyond simple configuration and creates a dangerous path for command execution, secret misuse, and unauthorized network access if any downstream inputs are attacker-controlled.

Missing User Warnings

High (99% confidence)
Finding
The documentation exposes a printer serial number, local IP, and especially a plaintext access code. Anyone with network reachability to the device could use these details to authenticate to the printer services and retrieve, modify, or delete stored files, making this a direct credential disclosure issue.

Missing User Warnings

Medium (90% confidence)
Finding
Documenting destructive deletion without warning or confirmation guidance increases the likelihood of accidental or socially induced data loss. In this context, the skill manages printer storage containing print files and timelapse media, so an unsafe delete path can cause irreversible operational loss.

Missing User Warnings

Medium (96% confidence)
Finding
The script embeds a fallback default access code (and also a default IP/username) that will be used silently if config loading fails. Hardcoded fallback credentials can cause unintended access to a device, encourage insecure deployments, and may expose control of the printer and its files if the default is valid or reused.

Ssd 3

High (99% confidence)
Finding
The skill embeds sufficient plaintext access information to enable direct connection to the printer and retrieval of stored data over FTPS/MQTT-related services. Because the device is a real networked endpoint, this materially increases the chance of unauthorized access, data exfiltration, and destructive tampering by anyone on the same network or with lateral access.

VirusTotal

63/63 vendors flagged this skill as clean.
