Back to skill

Security audit

moonraker

Security checks across malware telemetry and agentic risk

Overview

This skill openly controls a configured Moonraker/Klipper 3D printer, including disruptive actions, and its behavior matches that purpose.

Install this only if you want an agent to control the printer at MOONRAKER_HOST. Keep that host pointed at a trusted local printer, and require explicit confirmation before pause, cancel, emergency stop, or firmware restart because those actions can stop a print, waste material, or require recovery.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • MCP Least PrivilegeUnderdeclared Capability, Wildcard Permission, Missing Permission Declaration
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (2)

Lp3

Medium
Category
MCP Least Privilege
Confidence
88% confidence
Finding
The skill advertises operational shell usage via a helper script and curl commands but does not declare corresponding permissions. Undeclared shell capability reduces transparency and weakens policy enforcement, making it easier for a skill to invoke local commands or network actions without explicit review. In this context the shell is used to control a physical device over HTTP, which increases the consequences of hidden capability use.

Missing User Warnings

Medium
Confidence
81% confidence
Finding
The skill exposes disruptive printer-control actions such as pause, cancel, emergency stop, and firmware restart without consistently warning users about job interruption, state loss, or recovery requirements at the point those commands are presented. For a physical device, insufficient safety prompting can lead to accidental print failure, wasted material, or abrupt hardware state changes. The context makes this more dangerous because these commands affect real-world equipment, not just software state.

VirusTotal

64/64 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.