bambu-agent

Security checks across malware telemetry and agentic risk

Overview

This skill is a local Bambu Lab printer monitor whose sensitive behavior is mostly disclosed and aligned with its purpose, but users should protect the generated printer credential file.

Install only on a trusted machine and network. Treat config.json as a secret because it contains printer access codes and serial numbers; do not commit it, paste it into chats, or share screenshots/logs containing it. Disable auto-start or stop the service when continuous printer monitoring is not wanted.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings

Medium
Confidence: 88%
Finding
The README explicitly instructs users to enter and persist sensitive printer credentials, including the access code and serial number, into config.json, while only later giving a brief generic warning not to leak the file. For an agent skill that manages network-connected devices, encouraging plaintext local storage of operational secrets without stronger guidance on file permissions, encryption, redaction, or exclusion from sharing/version control increases the chance of credential exposure and unauthorized printer access.

Vague Triggers

Medium
Confidence: 95%
Finding
The trigger phrase “帮我看看打印机。” is broad and maps to a common natural-language request, which increases the chance of accidental invocation during unrelated conversations. In this skill, accidental activation is more sensitive because it can query LAN-connected printer fleet status and produce proactive voice output, exposing operational details or causing unintended monitoring behavior.

Natural-Language Policy Violations

Medium
Confidence: 82%
Finding
The skill content is written entirely in Chinese and implicitly guides Chinese-language interaction without indicating any user language preference or fallback behavior. This can cause users to trigger or receive responses they do not understand, increasing the risk of mistaken consent or missed warnings, though the issue is primarily usability and safety-related rather than a direct security compromise.

Missing User Warnings

Medium
Confidence: 92%
Finding
The setup wizard collects sensitive printer credentials, including the access code and serial number, and writes them directly to config.json in plaintext. This creates a local secret exposure risk if the host is multi-user, backed up to insecure locations, committed to source control, or otherwise accessed by an attacker; the lack of any warning makes accidental exposure more likely.

VirusTotal

66/66 vendors flagged this skill as clean.
