Bambu Lab

Security checks across malware telemetry and agentic risk

Overview

This printer-control skill is mostly purpose-aligned, but it ships with hardcoded printer credentials and under-disclosed security risks that users should review before installing.

Install only after replacing the bundled host, serial number, and access code with your own secure configuration. Treat the serial and access code as printer credentials, rotate them if they were ever real, and be aware that commands can pause, stop, or otherwise alter a physical print job while monitoring can keep running and store printer status locally.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • MCP Least Privilege: Underdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
Findings (8)

Lp3

Medium
Category
MCP Least Privilege
Confidence
80% confidence
Finding
The skill documentation describes capabilities that imply network access, file I/O, and likely environment-variable usage, but no permissions are declared. This creates a transparency and policy-enforcement gap: users and platforms cannot accurately assess or restrict what the skill may access before use.

Tp4

High
Category
MCP Tool Poisoning
Confidence
88% confidence
Finding
The documented behavior exceeds the declared purpose by including additional control and integration functions such as resume, light control, fan control, raw MQTT output, and notification/file-writing behaviors. This mismatch undermines informed consent and increases the chance that users enable broader device control or data handling than they expected.

Context-Inappropriate Capability

Medium
Confidence
98% confidence
Finding
The documentation contains a concrete serial number and access code, which are credential-like secrets for controlling a LAN-connected printer. Publishing such values can enable unauthorized access to the device if they are real, and even if they are placeholders, they normalize unsafe secret-handling practices.

Context-Inappropriate Capability

Medium
Confidence
89% confidence
Finding
The fan-control implementation sends a raw G-code line via the generic `gcode_line` command rather than using a narrower, purpose-built API. Even though the current parameter is locally constructed as `M106 S<pwm>`, exposing generic G-code transport broadens the control mechanism and can normalize a pattern that could be extended to unsafe printer actions, especially in an automation context controlling physical hardware.

Missing User Warnings

Medium
Confidence
85% confidence
Finding
The documented commands include disruptive and persistent actions such as stopping prints and running background monitoring, but the documentation does not warn about operational impact. In the context of a physical device, unexpected stop/pause/background actions can waste material, interrupt jobs, or leave persistent monitoring processes running without user awareness.

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill description exposes credential-like configuration values without any warning that they are sensitive authentication data. In a networked device-control skill, this is especially dangerous because those values may allow direct MQTT access to a physical printer on the local network.

Missing User Warnings

Medium
Confidence
88% confidence
Finding
The script publishes operational MQTT commands directly to the printer, allowing state-changing actions such as pause, resume, stop, and light control with minimal user friction. In a device-control skill, missing explicit warnings and guardrails can lead to unintended disruption of an active print job or unsafe remote manipulation, especially because the same script also embeds credentials and can immediately act on a reachable printer.

Missing User Warnings

High
Confidence
99% confidence
Finding
The script embeds a default host, serial number, and access code directly in source, which exposes live device credentials to anyone who can read the file or logs derived from it. For a LAN-mode printer, these values can enable unauthorized monitoring and control, including pausing or stopping prints and modifying printer state without the owner's consent.

VirusTotal

66/66 vendors flagged this skill as clean.
