godot-mcp-setup
Warn
Audited by Gen Agent Trust Hub on Feb 17, 2026
Risk Level: MEDIUMEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONREMOTE_CODE_EXECUTION
Full Analysis
- EXTERNAL_DOWNLOADS (MEDIUM): Downloads and installs the
@modelcontextprotocol/server-godotpackage from the npm registry. This package and its organization are not on the pre-approved list of trusted sources. - COMMAND_EXECUTION (MEDIUM): Uses PowerShell to read and modify
claude_desktop_config.json, which is the primary configuration file for the agent's host environment. - REMOTE_CODE_EXECUTION (MEDIUM): Employs
npxto fetch and execute remote code. While this is the intended function for MCP servers, executing unverified remote code carries inherent risks. - PERSISTENCE (MEDIUM): By registering a new server in the Claude configuration file, the skill ensures the code executes automatically every time the Claude Desktop application is launched.
- PRIVILEGE_ESCALATION (MEDIUM): Recommends global installation (
npm install -g) and explicitly suggests running PowerShell as Administrator to bypass permission issues, which grants the installation process high-level system access.
Audit Metadata