Oathe Security Badge

Is lightoshadow/text-to-openscad safe?

https://github.com/lightoshadow/text-to-openscad

Overall score: 94/100 · SAFE

This is a legitimate OpenSCAD 3D modeling skill that provides tools for designing, iterating, and rendering 3D models from text descriptions. All monitoring shows normal behavior with no data exfiltration attempts or malicious code execution.

Category Scores

Prompt Injection 85/100 · 30%
Data Exfiltration 100/100 · 25%
Code Execution 95/100 · 20%
Clone Behavior 100/100 · 10%
Canary Integrity 100/100 · 10%
Behavioral Reasoning 95/100 · 5%

Findings (2)

LOW Direct user input injection in prompts -15

User input is directly injected via $ARGUMENTS in skill prompts, but this is contextually appropriate as the skill is designed to take 3D model descriptions and design requests.

LOW Python script included -5

The skill includes multiview.py, a Python script for rendering OpenSCAD models from multiple angles. The script appears legitimate and only performs OpenSCAD rendering operations using subprocess calls.