Security audit

Blender MCP Skill

Security checks across malware telemetry and agentic risk

Overview

This skill is a disclosed Blender automation helper, but it gives an agent powerful local Blender/Python control that users should treat like running code on their machine.

Install only if you intend to let an agent control Blender. Keep the MCP server bound to localhost, review any generated Python before running it, prefer the scoped Blender tools over raw execute_blender_code, and use safe output folders for renders and screenshots.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Excessive Agency: Unrestricted Tool Access, Autonomous Decision Making, Scope Creep
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
  • Supply Chain: Unpinned Dependencies, External Script Fetching, Obfuscated Code
Findings (4)

Missing User Warnings
Severity: Medium (91% confidence)
Finding: The README explicitly advertises arbitrary bpy/Python code execution through the MCP channel but provides no safety warning, trust boundary explanation, or restriction guidance. Because this skill connects an agent to a powerful local application API, users may enable remote code execution inside Blender without understanding that it can read/write files, run subprocesses, or alter local assets.

Missing User Warnings
Severity: Medium (93% confidence)
Finding: The skill exposes screenshot tools that can capture the entire Blender window or specific UI areas, but it does not clearly warn that on-screen content may include sensitive project data, filenames, embedded assets, or other visible information. In an LLM-driven workflow, this raises confidentiality risk because a user may invoke these tools without realizing they are authorizing image exfiltration of whatever is currently displayed.

Missing User Warnings
Severity: Low (88% confidence)
Finding: The render-to-path tools write files to caller-supplied output paths, but the documentation does not prominently warn that this causes filesystem writes to arbitrary user-specified locations. While this is expected behavior for rendering tools, in an agent context it can still lead to unintended overwrites, clutter, or writes into sensitive directories if path inputs are not carefully constrained.

Missing User Warnings
Severity: Low (88% confidence)
Finding: The skill documents tools that write render output to arbitrary local paths, but it does not clearly warn that these operations can overwrite existing files or modify the local filesystem. In this skill's context, that risk is more significant than usual because the skill also exposes arbitrary Blender/Python execution and is designed for autonomous tool use, making unintended destructive file writes more plausible.

VirusTotal

64/64 vendors flagged this skill as clean.