Trusted - Risk score 5/100
Last scanned: 20 hours ago
blender-mcp
Integrate Blender MCP (Model Context Protocol) allowing OpenClaw to control Blender for 3D modeling, scene creation, and manipulation
Blender MCP integration skill with properly declared capabilities - the execute_code feature is legitimate Blender automation and runs within Blender's sandboxed Python environment.
Skill name: blender-mcp
Analysis time: 24.9s
Engine: pi
Can be installed
No action needed. The skill is safe to use.

Security findings: 1

Severity | Security finding | Location
Info
execute_code command declared [Documentation deception]
The SKILL.md explicitly documents an execute_code command for running arbitrary Python in Blender. This is a legitimate feature for Blender automation and runs within Blender's sandboxed Python environment, not at system level.
- `execute_code` - Execute arbitrary Python code in Blender
→ No action needed. This is documented functionality required for Blender control.
SKILL.md:31
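| Resource type | Declared permission | Inferred permission | Status | Evidence |
| --- | --- | --- | --- | --- |
| Command execution | WRITE | WRITE | ✓ Consistent | scripts/start-server.sh:9 - uvx blender-mcp |
| Network access | READ | READ | ✓ Consistent | scripts/test-connection.py:17 - localhost:9876 only |
| File system | NONE | NONE | | No file operations in scripts |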

Directory structure

4 files · 7.2 KB · 226 lines
Markdown 2f · 149L Python 1f · 65L Shell 1f · 12L
├─ 📁 scripts
│ ├─ 🔧 start-server.sh Shell 12L · 258 B
│ └─ 🐍 test-connection.py Python 65L · 2.2 KB
├─ 📝 README.md Markdown 75L · 2.3 KB
└─ 📝 SKILL.md Markdown 74L · 2.4 KB

Security highlights

✓ No credential harvesting - skill does not access ~/.ssh, ~/.aws, .env, or similar sensitive paths
✓ No network exfiltration - only communicates with localhost:9876 (Blender socket server)
✓ No base64 or obfuscated code present
✓ No reverse shell, C2, or data theft indicators
✓ All capabilities properly declared in SKILL.md
✓ Clean codebase with no suspicious patterns
✓ uvx is a standard Python tool runner with version-pinned dependencies