Trust Assessment
blender-interactive received a trust score of 10/100, placing it in the Untrusted category. This skill has significant security findings that require attention before use in production.
SkillShield's automated analysis identified 15 findings: 5 critical, 4 high, 5 medium, and 1 low severity. Key findings include Persistence / self-modification instructions, Arbitrary command execution, Dangerous call: exec().
The analysis covered 4 layers: Manifest Analysis, Static Code Analysis, Dependency Graph, LLM Behavioral Safety. The Static Code Analysis layer scored lowest at 0/100, indicating areas for improvement.
Last analyzed on February 13, 2026 (commit 13146e6a). SkillShield performs automated 4-layer security analysis on AI skills and MCP servers.
Layer Breakdown
Behavioral Risk Signals
Security Findings15
| Severity | Finding | Layer | Location | |
|---|---|---|---|---|
| CRITICAL | Persistence / self-modification instructions systemd service persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kjaylee/blender-interactive/SKILL.md:235 | |
| CRITICAL | Persistence / self-modification instructions systemd service persistence Remove any persistence mechanisms. Skills should not modify system startup configurations, crontabs, LaunchAgents, systemd services, or shell profiles. | Manifest | skills/kjaylee/blender-interactive/SKILL.md:253 | |
| CRITICAL | Arbitrary command execution Python dynamic code execution (exec/eval/compile) Review all shell execution calls. Ensure commands are static (not built from user input), use absolute paths, and are strictly necessary. Prefer library APIs over shell commands. | Manifest | skills/kjaylee/blender-interactive/blender_socket_addon.py:237 | |
| CRITICAL | Dangerous call: exec() Call to 'exec()' detected in function 'cmd_execute_code'. This can execute arbitrary code. Avoid using dangerous functions like exec/eval/os.system. Use safer alternatives. | Static | skills/kjaylee/blender-interactive/blender_socket_addon.py:237 | |
| CRITICAL | Arbitrary Python Code Execution via execute_code command The `blender_socket_addon.py` script exposes an `execute_code` command that directly executes arbitrary Python code using `exec()`. This command is accessible via the `blender_client.py` script, allowing any user-controlled input to be executed on the host system where the Blender server is running. The SKILL.md explicitly acknowledges this as a feature for 'maximum flexibility' but it represents a severe command injection vulnerability if the input is not strictly controlled. Remove or severely restrict the `execute_code` command. If arbitrary code execution is absolutely necessary, implement a robust sandboxing mechanism (e.g., a separate, isolated environment with limited permissions) and ensure all inputs are validated and sanitized. For most use cases, specific, well-defined commands should replace generic code execution. | LLM | blender_socket_addon.py:209 | |
| HIGH | Potential data exfiltration: file read + network send Function '_download_file' reads files and sends data over the network. This may indicate data exfiltration. Review this function to ensure file contents are not being sent to external servers. | Static | skills/kjaylee/blender-interactive/scripts/polyhaven.py:78 | |
| HIGH | Persistence mechanism: systemd service Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/kjaylee/blender-interactive/SKILL.md:235 | |
| HIGH | Persistence mechanism: systemd service Detected systemd service pattern. Persistence mechanisms allow malware to survive system restarts. Review this persistence pattern. Skills should not modify system startup configuration. | Static | skills/kjaylee/blender-interactive/SKILL.md:253 | |
| HIGH | Arbitrary File Write/Read via exposed file path parameters Multiple commands in `blender_socket_addon.py` (e.g., `save_blend`, `load_blend`, `import_model`, `export_model`, `render_preview`, `render_to_file`) and file download utilities (`polyhaven.py`, `sketchfab.py`) accept `filepath` or `output_dir` parameters directly from user input. This allows an attacker to specify arbitrary file paths on the host system, potentially leading to overwriting critical system files, reading sensitive data, or planting malicious files. Additionally, `sketchfab.py` extracts downloaded ZIP archives to a user-controlled `output_dir`, which could lead to path traversal vulnerabilities if a malicious ZIP file is downloaded. Implement strict validation and sanitization for all file path parameters. Restrict file operations to a predefined, isolated directory (e.g., a dedicated sandbox folder for the skill). Prevent path traversal by normalizing paths and disallowing '..' segments. For file uploads/downloads, consider using temporary, unique filenames and directories. | LLM | blender_socket_addon.py:395 | |
| MEDIUM | Suspicious import: socket Import of 'socket' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kjaylee/blender-interactive/blender_socket_addon.py:15 | |
| MEDIUM | Suspicious import: socket Import of 'socket' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kjaylee/blender-interactive/scripts/blender_client.py:19 | |
| MEDIUM | Suspicious import: requests Import of 'requests' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kjaylee/blender-interactive/scripts/polyhaven.py:37 | |
| MEDIUM | Suspicious import: urllib.request Import of 'urllib.request' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kjaylee/blender-interactive/scripts/polyhaven.py:40 | |
| MEDIUM | Suspicious import: urllib Import of 'urllib' detected. This module provides network or low-level system access. Verify this import is necessary. Network and system modules in skill code may indicate data exfiltration. | Static | skills/kjaylee/blender-interactive/scripts/sketchfab.py:20 | |
| LOW | Unpinned Python dependencies The `scripts/polyhaven.py` and `scripts/sketchfab.py` files use external Python libraries like `requests` without specifying exact version pins. While `requests` is a widely used and generally secure library, not pinning dependencies can introduce supply chain risks if a future version of the library contains a vulnerability or malicious code. This is a general best practice for production-grade applications. Pin all external Python dependencies to exact versions using a `requirements.txt` file (e.g., `requests==2.28.1`). Regularly audit and update these dependencies to ensure security patches are applied while maintaining stability. | LLM | scripts/polyhaven.py:13 |
Scan History
Embed Code
[](https://skillshield.io/report/2e2ec28013d8c16b)
Powered by SkillShield