LPM treats this as warn-only first-party agent extension lifecycle risk. The package provides a host-integrated Unity agent extension. A runtime action can manage a local Unity editor and register its local MCP bridge; no install-time or external-network attack was confirmed.
Static reason
High-risk behavior combination matched malicious policy.
Trigger
A Dynamo host invokes the package's `project_open` runtime action after creating the provider.
Impact
Can launch or relaunch a user Unity project and expose its local bridge to the Dynamo host.
Mechanism
Local Unity process control and runtime MCP bridge registration.
Rationale
This is not concrete malware: its process, project-file, and loopback-network behavior is package-aligned and runtime-triggered rather than install-time. It still creates a first-party agent-extension control surface with consequential local editor actions, so it warrants a warning.
Evidence
package.jsondist/index.jsdist/parse-worker.jsdist/index.d.tsREADME.md.dynamo/project-index.json.dynamo/kb/kb-index.jsonProjectSettings/DynamoMcpConfig.asset