Security audit

Blender MCP

Security checks across malware telemetry and agentic risk

Overview

This Blender skill is purpose-aligned, but it gives the agent broad control of Blender, including arbitrary Python execution, without clear safeguards.

Install only if you trust the prompts, projects, Blender addon, and MCP package you will use. Keep the socket on localhost, work on copies of important Blender files, review any generated Python before execution, and prefer scoped Blender tools over arbitrary code execution.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
Findings (2)

Missing User Warnings

Medium
Confidence: 92%
Finding
The README explicitly advertises arbitrary Blender Python execution and direct scene manipulation but provides no warning that this effectively grants code execution inside Blender with access to local files, add-ons, and project assets. In the context of an agent skill, this is dangerous because users may invoke the skill as a high-level modeling tool without realizing it can run arbitrary scripts that alter files, exfiltrate data from accessible paths, or damage scenes and renders.

Missing User Warnings

Medium
Confidence: 94%
Finding
The skill explicitly exposes destructive actions (`delete_object`) and arbitrary code execution (`execute_code`) but does not present any clear warning, consent gate, or restriction in the user-facing documentation. In an agent context, these capabilities can enable unintended scene destruction, unsafe automation, or execution of arbitrary Python inside Blender, which may affect local files, installed addons, or connected resources depending on Blender's runtime permissions.

VirusTotal

63/63 vendors flagged this skill as clean.

Static analysis

No suspicious patterns detected.