中文 EN

Scan Report

Scan New Files

Trusted — Risk Score 5/100
Last scan:20 hr ago Rescan
5 /100
blender-mcp
Integrate Blender MCP (Model Context Protocol) allowing OpenClaw to control Blender for 3D modeling, scene creation, and manipulation
Blender MCP integration skill with properly declared capabilities - the execute_code feature is legitimate Blender automation and runs within Blender's sandboxed Python environment.
Skill Nameblender-mcp
Duration24.9s
Enginepi
Safe to install
No action needed. The skill is safe to use.

Findings 1 items

Severity Finding Location
Info
execute_code command declared Doc Mismatch
The SKILL.md explicitly documents an execute_code command for running arbitrary Python in Blender. This is a legitimate feature for Blender automation and runs within Blender's sandboxed Python environment, not at system level.
- `execute_code` - Execute arbitrary Python code in Blender
→ No action needed. This is documented functionality required for Blender control.
 SKILL.md:31
ResourceDeclaredInferredStatusEvidence
Shell WRITE WRITE ✓ Aligned scripts/start-server.sh:9 - uvx blender-mcp
Network READ READ ✓ Aligned scripts/test-connection.py:17 - localhost:9876 only
Filesystem NONE NONE No file operations in scripts

File Tree

4 files · 7.2 KB · 226 lines
Markdown 2f · 149L Python 1f · 65L Shell 1f · 12L
├─ 📁 scripts
│ ├─ 🔧 start-server.sh Shell 12L · 258 B
│ └─ 🐍 test-connection.py Python 65L · 2.2 KB
├─ 📝 README.md Markdown 75L · 2.3 KB
└─ 📝 SKILL.md Markdown 74L · 2.4 KB

Security Positives

✓ No credential harvesting - skill does not access ~/.ssh, ~/.aws, .env, or similar sensitive paths
✓ No network exfiltration - only communicates with localhost:9876 (Blender socket server)
✓ No base64 or obfuscated code present
✓ No reverse shell, C2, or data theft indicators
✓ All capabilities properly declared in SKILL.md
✓ Clean codebase with no suspicious patterns
✓ uvx is a standard Python tool runner with version-pinned dependencies