Only the latest commit on master is actively maintained.
This project is a local CLI tool that:
- reads a CSV file from disk
- writes
.scadand.stlfiles to disk - invokes a local OpenSCAD binary as a subprocess
It does not open network connections, handle user authentication, or process untrusted remote input.
Relevant attack surfaces are limited to:
- Maliciously crafted CSV input leading to path traversal or shell injection
- A tampered OpenSCAD binary being invoked via
--openscad
Please do not open a public GitHub Issue for security vulnerabilities.
Instead, use GitHub's private vulnerability reporting to submit details confidentially. You will receive a response within 7 days.
Include:
- A description of the vulnerability
- Steps to reproduce
- Potential impact
- A suggested fix if you have one