Blender Asset Generation

Security checks across malware telemetry and agentic risk

Overview

This skill is a coherent Blender asset-generation package, with some usability and safety caveats but no evidence of hidden, deceptive, or unrelated behavior.

Install only if you are comfortable running local Blender Python scripts. Use a fresh copied project folder, do not run the scripts against an important open Blender scene, and note that advertised Windows/cloud runner scripts appear to be missing from this package.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (3)

Tp4

High
Category
MCP Tool Poisoning
Confidence
85% confidence
Finding
The skill claims broad capabilities—cloud Windows support, reference-image guidance, and graceful degradation—but the analysis indicates those features are not actually implemented. This is dangerous because users may rely on nonexistent safeguards or workflows, causing them to run the skill in unsupported environments, make incorrect trust decisions, or expose data/images under false assumptions about processing behavior.

Natural-Language Policy Violations

Low
Confidence
93% confidence
Finding
The log file contains an absolute path disclosing a specific local username and home-directory structure (/Users/bytedance/...). While this is not directly exploitable by itself, it leaks environment details that can aid fingerprinting, social engineering, or targeted follow-on attacks, especially if logs are shared publicly or bundled with the skill.

Missing User Warnings

Medium
Confidence
94% confidence
Finding
The script unconditionally selects and deletes all objects in the currently open Blender scene before building the donut. In a local or interactive Blender session, running this against the wrong file can destroy unsaved user work without warning, which is a real safety issue even if it is not a code-execution vulnerability. In this skill context, the risk is somewhat mitigated when used in isolated batch jobs, but the skill explicitly supports local machines, which makes accidental data loss more plausible.

VirusTotal

66/66 vendors flagged this skill as clean.
