Back to skill

Security audit

Blender Animation

Security checks across malware telemetry and agentic risk

Overview

This skill is a small, disclosed Blender automation helper that runs local Blender Python scripts to render animations, with no evidence of hidden networking, persistence, credential access, or destructive behavior.

Install only if you are comfortable running generated Blender Python locally. Use a sandbox or low-privilege environment for untrusted prompts, review generated scripts before rendering sensitive projects, and make sure the Blender executable on PATH is from a trusted source.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Prompt InjectionInstruction Override, Hidden Instructions, Exfiltration Commands
  • Data ExfiltrationExternal Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege EscalationExcessive Permissions, Sudo/Root Execution, Credential Access
  • Supply ChainUnpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive AgencyUnrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (1)

Missing User Warnings

Medium
Confidence
93% confidence
Finding
The script passes a user-provided path directly to Blender's `-P` option, which executes the referenced Python script. This is a safety-relevant operation because it runs code that can affect the local system, and the file provides no confirmation prompt, cautionary comment, or user-facing warning before execution.

VirusTotal

63/63 vendors flagged this skill as clean.

View on VirusTotal

Static analysis

No suspicious patterns detected.