Back to skill

Security audit

Snapmaker

Security checks across malware telemetry and agentic risk

Overview

This appears to be a legitimate Snapmaker printer controller, but it needs review because it can affect physical hardware and its documented confirmation safeguards do not match the script.

Install only if you are comfortable giving the agent local-network control over a Snapmaker printer. Protect config.json as a secret, keep it out of shared repositories and logs, and require explicit user approval before any start, pause, resume, stop, or file-upload action. Review the safety behavior first because the current script does not prompt for pause, resume, or stop despite the documentation saying state-changing commands require confirmation.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool PoisoningHidden Instructions, Unicode Deception, Parameter Description Injection
Findings (6)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill clearly requires sensitive capabilities including network access, reading configuration, and likely writing files, yet the manifest does not declare permissions. This weakens transparency and policy enforcement, making it harder for users or a host platform to understand that the skill can discover devices, access credentials, and control hardware on the local network.

Tp4

High
Category
MCP Tool Poisoning
Confidence
84% confidence
Finding
The description emphasizes HTTP control/monitoring, but the documented behavior also performs UDP broadcast discovery and HTTP probing of target/configured IPs. Undisclosed discovery/scanning behavior expands the network footprint and can surprise users or bypass expectations about how narrowly the skill operates.

Missing User Warnings

Medium
Confidence
92% confidence
Finding
The documentation instructs users to copy a printer token into config.json but does not treat it as a sensitive secret or warn about secure storage. Anyone who obtains that token may be able to connect to and control the printer, including starting, stopping, or modifying jobs.

Missing User Warnings

Low
Confidence
92% confidence
Finding
The document explicitly reveals the local filesystem path where the Snapmaker authentication token is stored, but it does not warn that the token is a sensitive credential that grants authenticated access to the printer API. In isolation this is low severity, but it can normalize unsafe credential handling and make token discovery easier for users, logs, screenshots, or adjacent tooling that treats the value as non-sensitive.

Autonomous Decision Making

Medium
Category
Excessive Agency
Content
### Safety Flags

- `--yes` - Skip confirmation prompts (use with caution!)
- `--force` - Override safety checks (NOT RECOMMENDED)

All commands that modify state require confirmation unless `--yes` is provided.
Confidence
78% confidence
Finding
Skip confirmation

Instruction Override

High
Category
Prompt Injection
Content
### Safety Flags

- `--yes` - Skip confirmation prompts (use with caution!)
- `--force` - Override safety checks (NOT RECOMMENDED)

All commands that modify state require confirmation unless `--yes` is provided.
Confidence
80% confidence
Finding
Override safety

VirusTotal

66/66 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.