Back to skill

Security audit

Local-Only 3D Printer Maintenance Assistant

Security checks across malware telemetry and agentic risk

Overview

This is a coherent offline 3D-printer assistant, but users should review any generated G-code before using it on real hardware.

Install only if you are comfortable with an offline assistant that may create printer-related files. Treat any generated G-code as machine instructions: inspect it in a slicer or text viewer, verify temperatures and movement limits for your exact printer, and test cautiously before running it. Check where profiles and logs are saved before sharing exported CSVs.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence
86% confidence
Finding
The README advertises automatic calibration G-code generation and maintenance log export without warning users that generated machine instructions can cause unsafe printer movement, heating, or hardware stress if incorrect, and that exported logs may contain sensitive local details. In a hardware-control skill, omitting these cautions increases the chance that users will trust and run outputs directly, creating real safety and data-handling risk even if the feature is intended for benign maintenance use.

Missing User Warnings

Medium
Confidence
91% confidence
Finding
The skill advertises automatic calibration G-code generation plus profile saving and CSV export, but it does not warn users that generated G-code may directly influence printer motion, temperatures, or other hardware-relevant behavior once run on a printer, and that profile/log features write data to local storage. In a 3D-printing context, omission of these warnings can mislead users into treating outputs as inherently safe, increasing the chance of unsafe printer operation, bad calibration commands, or unintended local file writes.

VirusTotal

65/65 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.