registry  /  godot-cli  /  0.17.0

godot-cli@0.17.0

Cross-platform CLI tool for Godot-MCP (Skills & MCP). Resolves and launches the Godot editor with MCP connection env vars, runs MCP/system tools over HTTP, probes server health, configures AI agents (Claude Code, Cursor, VS Code, …), and enables/disables

AI Security Review

scanned 3h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `setup-mcp`, `configure --agent`, `install-plugin --with-server`, or enrollment options.
Impact
A selected AI agent can be configured to trust the chosen Godot-MCP endpoint; a downloaded managed binary may later be executed by an explicit configure command.
Mechanism
User-invoked AI-agent MCP configuration, credential enrollment, and managed-server installation.
Rationale
No concrete malicious chain was found. The explicit AI-agent configuration and downloaded-executable capability warrant a warning under the firewall policy, not a publication block.
Evidence
package.jsonbin/godot-cli.jsdist/commands/setup-mcp.jsdist/utils/agents.jsdist/commands/install-plugin.jsdist/lib/install-server.jsdist/lib/configure-agent.jsdist/utils/enroll.js.mcp.json.cursor/mcp.json.vscode/mcp.json~/.copilot/mcp-config.jsonaddons/godot_mcp
Network endpoints3
ai-game.devai-game.dev/api/auth/enroll/redeemgithub.com/IvanMurzak/GameDev-MCP-Server/releases/download/

Decision evidence

public snapshot
AI called this Suspicious at 89.0% confidence as Dangerous Capability with medium false-positive risk.
Evidence for warning
  • `dist/commands/setup-mcp.js` explicitly configures selected AI agents.
  • `dist/utils/agents.js` writes MCP entries to project and user agent-config paths, including `~/.copilot/mcp-config.json`.
  • `dist/commands/install-plugin.js --enroll` redeems a supplied code and stores returned credentials.
  • `dist/lib/install-server.js` downloads and installs a managed server executable; `dist/lib/configure-agent.js` can spawn it.
  • `dist/utils/enroll.js` POSTs enrollment codes to `${baseUrl}/api/auth/enroll/redeem`.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` hook.
  • `bin/godot-cli.js` only imports the CLI; side effects require a user CLI command.
  • Agent configuration is gated by explicit `setup-mcp <agent-id>` or `configure --agent <id>` commands.
  • Download helpers restrict release URLs to HTTPS `github.com`; server ZIP extraction checks SHA-256 sums before use.
  • No source evidence of environment harvesting, stealth persistence, destructive actions, or unrelated exfiltration.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 64 file(s), 342 KB of source, external domains: ai-game.dev, github.com, registry.npmjs.org, www.w3.org

Source & flagged code

1 flagged · loading source
dist/commands/install-plugin.jsView file
matchType = previous_version_dangerous_delta matchedPackage = godot-cli@0.15.0 matchedIdentity = npm:Z29kb3QtY2xp:0.15.0 similarity = 0.860 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/commands/install-plugin.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/commands/install-plugin.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings