blender_mcp Security Report — Low Risk | ClawSafe

25 /100

blender_mcp

Advanced bridge to Blender via MCP

Legitimate Blender MCP bridge with undeclared subprocess execution but no malicious behavior detected.

Skill Nameblender_mcp

Duration30.0s

Enginepi

✓

Safe to install

Add explicit documentation of subprocess spawning (uvx blender-mcp) in SKILL.md. Pin node-fetch to a specific version.

Findings 2 items

Severity	Finding	Location
Medium	Undeclared subprocess execution Doc Mismatch server.js spawns 'uvx blender-mcp' subprocess via child_process.spawn() but SKILL.md does not declare this shell execution capability. `this.process = spawn(uvxCmd, ['blender-mcp'], { stdio: ['pipe', 'pipe', 'pipe'] })` → Document subprocess spawning in SKILL.md allowed-tools section	`server.js:54`
Low	Unpinned dependency version Supply Chain node-fetch dependency uses ^3.3.2 which allows minor version updates. `"node-fetch": "^3.3.2"` → Pin to exact version: "node-fetch": "3.3.2"	`package.json:13`

Resource	Declared	Inferred	Status	Evidence
Shell	`NONE`	`WRITE`	✗ Violation	server.js:54 - spawn(uvxCmd, ['blender-mcp'], ...)
Network	`READ`	`READ`	✓ Aligned	Communicates with blender-mcp server via stdio JSON-RPC
Filesystem	`NONE`	`READ`	✓ Aligned	server.js:27 - fs.existsSync(localBin)

2 findings

🔗

Medium External URL 外部 URL

https://paypal.me/jimmywarting

package-lock.json:34

🔗

Medium External URL 外部 URL

https://opencollective.com/node-fetch

package-lock.json:93

6 files · 10.9 KB · 347 lines

JavaScript 3f · 164L JSON 2f · 119L Markdown 1f · 64L

├─ 📋 package-lock.json JSON 106L · 3.4 KB

├─ 📋 package.json JSON 13L · 267 B

├─ 📜 server.js JavaScript 114L · 3.0 KB

├─ 📝 SKILL.md Markdown 64L · 2.7 KB

├─ 📜 test_v2.js JavaScript 19L · 711 B

└─ 📜 test.js JavaScript 31L · 961 B

Package	Version	Source	Known Vulns	Notes
`node-fetch`	`^3.3.2`	npm	No	Version not pinned - allows minor updates

✓ No credential harvesting detected

✓ No data exfiltration to external IPs

✓ No obfuscation techniques (base64, eval patterns)

✓ No suspicious network connections to unknown servers

✓ No access to sensitive paths (~/.ssh, ~/.aws, .env)

✓ No reverse shell or C2 behavior

✓ Legitimate Blender MCP bridge functionality confirmed