Back to skill

Security audit

Fusion 360 Bridge

Security checks across malware telemetry and agentic risk

Overview

This skill is coherent for Fusion 360 automation, but it exposes high-impact raw Python execution through a network-reachable bridge without enough safety boundaries.

Install only if you trust the Fusion Bridge source and will run it in a controlled environment. Prefer localhost-only binding or firewall restrictions, do not expose port 8765 to untrusted networks, and review any raw Python before letting an agent run it because it can change open Fusion projects and may affect the host running Fusion.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Behavioral ASTexec() Call, eval() Call, Dynamic Import
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence
97% confidence
Finding
The skill explicitly instructs use of `POST /exec` to send unrestricted raw Python, notes that raw Python is allowed, and states code length is not capped. In a bridge that controls Fusion 360 and can be reached over HTTP, this creates a direct remote code-execution pathway in the Fusion process and potentially on the host, yet the documentation omits strong warnings, authentication expectations, or safety boundaries.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The skill states the bridge listens on `0.0.0.0:8765` by default and emphasizes remote reachability, but does not warn that this exposes a service capable of driving `/exec` over the network. In context, network exposure materially increases the chance that arbitrary code execution or destructive CAD actions can be triggered by unintended local-network or remotely routed clients.

Missing User Warnings

Medium
Confidence
95% confidence
Finding
The documentation explicitly exposes a POST /exec endpoint that runs arbitrary Python inside the Fusion 360 process, and it notes that code length is intentionally uncapped by policy. In the context of an HTTP-accessible bridge for remote control, this is effectively remote code execution against the application environment and can enable destructive CAD changes, data exfiltration from open documents, or pivoting into the host through the scripting runtime if reachable by untrusted parties.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The skill explicitly instructs users to send arbitrary raw Python to a network-exposed `/exec` endpoint and states that raw Python is allowed, code length is uncapped, and execution can run for up to 300 seconds. In a skill file, this normalizes remote code execution without clearly warning that submitted code can modify files, access local resources, manipulate Fusion, or affect the host system; the surrounding context also notes the service binds to `0.0.0.0:8765` by default, which increases exposure if reachable beyond localhost.

VirusTotal

VirusTotal engine telemetry is currently stale for this artifact.

View on VirusTotal

Static analysis

No suspicious patterns detected.