bambu-labs

Pass

Audited by Gen Agent Trust Hub on Jun 12, 2026

Risk Level: SAFE
COMMAND_EXECUTION, EXTERNAL_DOWNLOADS, DATA_EXFILTRATION, CREDENTIALS_UNSAFE
Full Analysis
  • [COMMAND_EXECUTION]: The scripts/bambu_lan_print.py utility uses subprocess.run to interact with the bambox CLI for packaging and validating print files.
  • The implementation passes arguments as a list and does not use shell=True, which is a secure practice for command execution.
  • [EXTERNAL_DOWNLOADS]: The SKILL.md instructions recommend using the well-known Homebrew package manager to install OrcaSlicer if the user does not have a slicer installed.
  • [DATA_EXFILTRATION]: The skill performs local network operations using FTPS and MQTT protocols to communicate with printers.
  • It incorporates a security check in validate_local_host that restricts communication to non-public IP address ranges (private, loopback, and link-local).
  • This mechanism prevents the exfiltration of printer data to the public internet by requiring an explicit flag to communicate with non-private hosts.
  • [CREDENTIALS_UNSAFE]: The script manages printer access codes by storing them in a local file named bambu-printers.json within the workspace root.
  • The documentation follows security best practices by instructing the user to ignore this file in version control systems to prevent accidental exposure.
Audit Metadata
Risk Level: SAFE
Analyzed: Jun 12, 2026, 07:54 PM
Security Audit — agent-trust-hub — bambu-labs