registry  /  godot-cli  /  0.17.1

godot-cli@0.17.1

Cross-platform CLI tool for Godot-MCP (Skills & MCP). Resolves and launches the Godot editor with MCP connection env vars, runs MCP/system tools over HTTP, probes server health, configures AI agents (Claude Code, Cursor, VS Code, …), and enables/disables

AI Security Review

scanned 2h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.
Trigger
User runs `godot-cli setup-mcp <agent>` or `godot-cli install-plugin --with-server`.
Impact
Configured AI clients may gain the package-defined MCP server connection and tool capability.
Mechanism
Explicit MCP configuration mutation and optional managed binary installation.
Rationale
No concrete malicious chain, credential harvesting, or install-time foreign control-surface mutation was found. Warn because explicit AI-agent config mutation and optional binary installation are dangerous capabilities requiring user awareness.
Evidence
package.jsonbin/godot-cli.jsdist/index.jsdist/lib/setup-mcp.jsdist/utils/agents.jsdist/lib/install-server.jsdist/utils/server-source.jsdist/utils/credentials.jsdist/utils/connection.js.mcp.json.cursor/mcp.json.vscode/mcp.json~/.copilot/mcp-config.json.godot-mcp/credentials.json
Network endpoints2
ai-game.dev/mcpgithub.com/IvanMurzak/GameDev-MCP-Server/releases/download/

Decision evidence

public snapshot
AI called this Suspicious at 87.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `dist/lib/setup-mcp.js` writes MCP client entries only after explicit `setup-mcp` invocation.
  • `dist/utils/agents.js` targets project and user AI-client config paths, including `.mcp.json` and `~/.copilot/mcp-config.json`.
  • `dist/lib/install-server.js` can download, extract, chmod, and later run a managed server binary after explicit `install-plugin --with-server`.
  • `dist/utils/connection.js` defaults MCP traffic to `https://ai-game.dev/mcp`.
Evidence against
  • `package.json` has no `preinstall`, `install`, or `postinstall` lifecycle hook.
  • `bin/godot-cli.js` only imports the command entrypoint; command actions require user CLI input.
  • `dist/utils/server-source.js` restricts release downloads to `github.com` and checks SHA-256 before extraction.
  • `dist/utils/credentials.js` stores tokens locally with mode `0600` and adds `credentials.json` to `.gitignore`; no unrelated collection or exfiltration found.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 64 file(s), 347 KB of source, external domains: ai-game.dev, github.com, registry.npmjs.org, www.w3.org

Source & flagged code

4 flagged · loading source
dist/lib/setup-mcp.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/lib/setup-mcp.js` writes MCP client entries only after explicit `setup-mcp` invocation.

dist/lib/setup-mcp.jsView on unpkg
dist/utils/agents.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/utils/agents.js` targets project and user AI-client config paths, including `.mcp.json` and `~/.copilot/mcp-config.json`.

dist/utils/agents.jsView on unpkg
dist/lib/install-server.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/lib/install-server.js` can download, extract, chmod, and later run a managed server binary after explicit `install-plugin --with-server`.

dist/lib/install-server.jsView on unpkg
dist/utils/connection.jsView file
Published source reference
Medium
Ai Review Evidence

`dist/utils/connection.js` defaults MCP traffic to `https://ai-game.dev/mcp`.

dist/utils/connection.jsView on unpkg

Findings

6 Medium5 Low
MediumNetwork
MediumEnvironment Vars
MediumAi Review Evidencedist/lib/setup-mcp.js
MediumAi Review Evidencedist/utils/agents.js
MediumAi Review Evidencedist/lib/install-server.js
MediumAi Review Evidencedist/utils/connection.js
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings