registry  /  unity-mcp-cli  /  0.84.0

unity-mcp-cli@0.84.0

Cross-platform CLI tool for AI Game Developer (Skills & MCP). Full AI develop and test loop. Efficient token usage, advanced tools. Creates Unity project, installs plugins, configures tools, and manages HTTP connection with Unity Editor and a game made wi

AI Security Review

scanned 4h ago · by lpm-firewall-ai

Review flagged AI-agent configuration or capability changes. This remains warn-only unless evidence shows foreign-agent hijack through preinstall/install/postinstall, hidden persistence, exfiltration, remote code execution, or other concrete malicious behavior.

Static reason
No blocking static signals were detected.; previous stored version diff introduced dangerous source
Trigger
User runs `setup-mcp`, `install-plugin --with-server`, or `configure --agent`.
Impact
Can add a Unity MCP endpoint or stdio server command to selected agent configurations; this is an acknowledged capability rather than covert installation behavior.
Mechanism
Explicit MCP-agent configuration and managed server binary lifecycle.
Rationale
This package has real AI-agent configuration and managed-binary capabilities, but they are activated by explicit CLI commands and are not installed automatically. Per policy, explicit user-command agent config mutation is warn-level rather than malicious.
Evidence
package.jsonbin/unity-mcp-cli.jsdist/index.jsdist/lib.jsdist/lib/setup-mcp.jsdist/utils/agents.jsdist/utils/managed-server.jsdist/commands/install-plugin.js<project>/.mcp.json<project>/.cursor/mcp.json<project>/.vscode/mcp.json<project>/.codex/config.toml~/.copilot/mcp-config.json~/.ai-game-dev/server/<rid>/gamedev-mcp-server
Network endpoints2
ai-game.dev/mcpregistry.npmjs.org/unity-mcp-cli/latest

Decision evidence

public snapshot
AI called this Suspicious at 91.0% confidence as Dangerous Capability with low false-positive risk.
Evidence for warning
  • `setup-mcp` explicitly writes MCP entries for multiple AI-agent config files.
  • `agents.js` includes user-home targets such as Copilot, Gemini, Cline, and project Codex configs.
  • `managed-server.js` can download, extract, persist, and later execute a managed MCP binary.
  • `proxyConfigure` executes that managed binary only through an explicit configure command.
Evidence against
  • `package.json` has no preinstall, install, or postinstall lifecycle hook.
  • CLI entrypoint parses user commands; package-root library entry is documented/exported side-effect free.
  • Agent-config writes require explicit `setup-mcp <agent-id>` invocation.
  • Default managed-server release download verifies SHA-256 before extraction; download routine does not launch the binary.
  • Observed network use is update checking, cloud/MCP requests, or explicit server download.
Behavioral surface
Source
ChildProcessCryptoEnvironmentVarsFilesystemNetworkShell
Supply chain
HighEntropyStringsUrlStrings
ManifestNo manifest risk signals triggered.
scanned 58 file(s), 318 KB of source, external domains: ai-game.dev, github.com, package.openupm.com, public-cdn.cloud.unity3d.com, registry.npmjs.org, unity.com

Source & flagged code

1 flagged · loading source
dist/utils/managed-server.jsView file
matchType = previous_version_dangerous_delta matchedPackage = unity-mcp-cli@0.83.1 matchedIdentity = npm:dW5pdHktbWNwLWNsaQ:0.83.1 similarity = 0.880 summary = stored previous version shares package body but lacks this dangerous source file
High
Previous Version Dangerous Delta

This package version adds a dangerous source file absent from the previous stored version; route for source-aware review.

dist/utils/managed-server.jsView on unpkg

Findings

1 High2 Medium5 Low
HighPrevious Version Dangerous Deltadist/utils/managed-server.js
MediumNetwork
MediumEnvironment Vars
LowNon Install Lifecycle Scripts
LowScripts Present
LowFilesystem
LowHigh Entropy Strings
LowUrl Strings