ClawHub

Flashforge 3D Print

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate 3D-printer automation skill, but it exposes real printer control and camera access without enough safety, privacy, or configuration guardrails.

Install only if you are authorized to control the printer and can inspect the missing controller script before running it. Replace the hardcoded printer details with your own local configuration, rotate the exposed check code if it is real, secure the camera feed, and require explicit confirmation before any action that starts, stops, pauses, homes, heats, or moves the printer.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The skill advertises direct physical control of a network-connected 3D printer, including start, pause, and stop actions, but provides no safety guidance, authorization checks, or warning about the real-world consequences of interrupting or initiating a print. In this context, those commands can waste material, damage an in-progress job, or create physical risk if issued unintentionally or by an unauthorized user.

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The skill exposes camera snapshot capability and even publishes local camera endpoints without discussing privacy, authentication, or network exposure. That can encourage users to access an unauthenticated camera feed on the network, potentially revealing workspace contents, people, or sensitive operational details.

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal