Blender Mcp
Warn
Audited by ClawScan on May 18, 2026.
Overview
This appears to be a real Blender bridge, but it auto-runs an unpinned external MCP server and exposes broad Blender Python execution without clear safety boundaries.
Install only if you trust the external `blender-mcp` package that `uvx` will run. Before using it, verify and pin the MCP server source/version, keep Blender project backups, and require explicit confirmation before allowing asset downloads or `execute_code` scripts.
Findings (3)
Artifact-based informational review of SKILL.md, metadata, install specs, static scan signals, and capability signals. ClawScan does not execute the skill or run runtime probes.
Using the skill may download or run external code that was not part of this review.
The skill starts a runtime-resolved external `blender-mcp` command through `uvx`; the actual MCP server code and version are not included or pinned in the artifacts, while the metadata declares no install spec or required binary.
```javascript
this.process = spawn(uvxCmd, ['blender-mcp'], { stdio: ['pipe', 'pipe', 'pipe'], shell: process.platform === 'win32' });
```
Pin the exact `blender-mcp` package/version, declare `uvx` and Blender setup requirements, and document the trusted source before use.
A model-driven action could modify the Blender scene or write project/render files in ways the user did not intend.
The skill explicitly exposes arbitrary Blender Python/BPY execution as a general-purpose tool, including save/render workflows, but does not describe sandboxing, confirmation, or file-scope limits.
`execute_code` | `code` (Python BPY) | The Swiss army knife (Camera, Render, Save).
Require explicit user approval for `execute_code`, limit allowed operations/paths where possible, and keep backups of Blender projects before enabling it.
Low-risk scene queries and high-risk actions are treated the same, increasing the chance of unintended imports, mutations, or script execution.
The bridge forwards the caller-selected tool name and raw arguments directly to the MCP server, with no allowlist, argument validation, or separate approval for higher-impact tools such as downloads or code execution.
```javascript
const { tool, arguments: args } = inputs; ... const result = await client.callTool(tool, args || {});
```
Add an allowlist, validate arguments, and require confirmation for downloads, saves, renders, and any `execute_code` call.
