ue5-audio-mcp

This skill documents a local-control interface to an Unreal Editor plugin that legitimately needs broad editor permissions (create assets, modify Blueprints, import files, spawn actors). I found no indicators of remote credential harvesting, obfuscated malicious code, or external network exfiltration: network traffic is limited to localhost (127.0.0.1:9877) and install references are to a public GitHub repository. The main risks are operational/autonomy risk (an agent can make persistent project changes without human confirmation) and local file access (importing arbitrary local files or exporting project assets). These risks are proportionate to the plugin's purpose but require user safeguards: explicit user approval before performing destructive actions, validate file path handling inside the plugin, and limit unattended agents' ability to call these commands. Overall this is not evidently malicious, but it is medium-risk for automated or unreviewed use against a developer's project.