Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"baba-is-eval": {
"args": [
"mcp"
],
"command": "uvx"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
uvx 'mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
MCP Python SDK: WebSocket server transport does not support Host/Origin validation
### Summary In affected versions, the deprecated WebSocket server transport (`mcp.server.websocket.websocket_server`) accepted the WebSocket handshake without applying any `Host` or `Origin` header validation. The `TransportSecuritySettings` mechanism that the SSE and Streamable HTTP transports use for this purpose was not wired into the WebSocket transport, so there was no SDK-level way to restrict which origins could connect. ### Am I affected? Only if a developer's application server exposes
MCP Python SDK: HTTP transports serve session requests without verifying the authenticated principal
### Summary In affected versions, the SSE and Streamable HTTP server transports routed incoming requests to an existing session based only on the session identifier, without verifying that the request was authenticated as the same principal that created the session. Anyone who learned or guessed a session ID could send JSON-RPC messages on that session, regardless of which bearer token the request carried. ### Am I affected? Only if a developer's application server uses an HTTP transport (SSE,
MCP Python SDK: Experimental task handlers allow any client to access and cancel other clients' tasks
### Summary In affected versions, the default request handlers installed by the experimental tasks feature (`server.experimental.enable_tasks()`) did not check which session created a task before acting on it. On a server with more than one connected client, any client could observe, read results from, and cancel tasks belonging to other clients. ### Am I affected? Only if the developer's application server calls `server.experimental.enable_tasks()`. If `grep -r enable_tasks` over their codebas
Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default
### Description The Model Context Protocol (MCP) Python SDK does not enable DNS rebinding protection by default for HTTP-based servers. When an HTTP-based MCP server is run on localhost without authentication using `FastMCP` with streamable HTTP or SSE transport, and has not configured `TransportSecuritySettings`, a malicious website could exploit DNS rebinding to bypass same-origin policy restrictions and send requests to the local MCP server. This could allow an attacker to invoke tools or ac
MCP Python SDK vulnerability in the FastMCP Server causes validation error, leading to DoS
A validation error in the MCP SDK can cause an unhandled exception when processing malformed requests, resulting in service unavailability (500 errors) until manually restarted. Impact may vary depending on the deployment conditions, and presence of infrastructure-level resilience measures. Thank you to Rich Harang for reporting this issue.
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in ai-ml / entertainment
Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.
The official MCP server implementation for the Perplexity API Platform
Self-hosted URL- and file-to-Markdown service for humans and AI agents - web pages, documents, images, audio, YouTube. PWA + REST + MCP + Claude Code skill, Reddit-aware, refreshable share links.
Dynamic problem-solving through sequential thought chains
MCP Security Weekly
Get CVE alerts and security updates for Baba_is_eval and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
https://github.com/user-attachments/assets/cb6d0d49-b583-46a2-b262-1cf38279a531
We evaluate language models' meta-level reasoning in an interactive setting, like the upcoming ARC-AGI-3, except we use the brilliant puzzle game "Baba Is You". In short, the player manipulates the game rules by pushing word blocks around to form or destroy rules. We provide an MCP server to interact with the game in text format. The project is currently an alpha and not stable. Contributions are welcome, and brave devs with model credits to spare are invited to give it a try.
Data folder
/Users/[username]/Library/Application Support/Steam/steamapps/common/Baba Is You/Baba Is You.app/Contents/Resources/DataC:\Program Files (x86)\Steam\steamapps\common\Baba Is You\Datauv)pip install mcp fastmcp pyautogui configparser
io.lua which in turn require restarting the game)cd baba_is_eval
chmod +x setup.sh
./setup.sh
/Users/[username]/Library/Application Support/Steam/steamapps/common/Baba Is You/Baba Is You.app/Contents/MacOS/Chowdrenmcp dev baba_is_eval/game_mcp.py
On top of this MCP client agnostic setup, you can use a client like Claude Desktop to have a model interact with the server and play the game.
The server provides these tools for interacting with the game:
enter_level(level: str) - Enter a specific level (e.g., "1", "2", "3")get_game_state() - Get the current game state as a matrixexecute_commands(commands: str) - Execute movement commands (e.g., "right,up,down")undo_multiple(n: int) - Undo the last n movesrestart_level() - Restart the current levelleave_level() - Exit the current levelgame_rules(topic: str) - Get help on game rulesThe game state is returned as a matrix like this:
y/x | 1 | 2 | 3 | 4 | 5
----+-----+-----+-----+-----+-----
1 | | | | |
2 | | baba| | |
3 | | | flag| |
4 | | | | |
5 | | | | |
Contributions welcome! Goals listed in order of pressingness.
This works in the dumbest way possible; we reverse engineer the exposed Lua functions, use the mod functionality to read the game state, and write to one of the game state config files using mod hooks, which is then read in by the MCP server. For move and undo inputs, we write Lua files to commands/ from the MCP server to be read in, if detected, in the always mod hook. Perhaps this dooms the project to be brittle and slow forever, but perhaps there is some better way.
Baba is You was created by Hempuli. It is a lovely game, go play it yourself!