blender-mcp

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 1.00). This skill intentionally exposes an unauthenticated TCP socket that accepts JSON containing arbitrary Python (bpy) code to be executed inside a running Blender process, and it instructs users to download an external addon from a raw GitHub URL — together these are classic remote-code-execution/backdoor and supply-chain vectors enabling credential theft and data exfiltration.

MEDIUM W012: Unverifiable external dependency detected (runtime URL that controls agent).

• Potentially malicious external URL detected (high risk: 1.00). The skill's one-time setup fetches and installs runtime code from https://raw.githubusercontent.com/ahujasid/blender-mcp/main/addon.py which, when installed in Blender, runs a socket server that accepts and executes arbitrary bpy code, so this external URL is a required dependency that enables remote code execution.

MEDIUM W013: Attempt to modify system services in skill instructions.

• Attempt to modify system services in skill instructions detected (high risk: 1.00). The skill explicitly enables executing arbitrary Python (bpy) code in a running Blender instance over a socket, which allows the agent to perform arbitrary filesystem and system actions (write/modify files, run shell commands, create users, attempt privilege escalation), so it can compromise the host state.