Is Foundry Vtt Mcp safe to use?

Foundry Vtt Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Foundry Vtt Mcp?

Foundry Vtt Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Foundry Vtt Mcp?

Foundry Vtt Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.

Is Foundry Vtt Mcp actively maintained?

Foundry Vtt Mcp is actively maintained — last commit was 5 days ago. It has 52 GitHub stars.

Foundry Vtt Mcp

Name: Foundry Vtt Mcp
Author: adambdooley

npm · by adambdooley

An MCP (Model Context Protocol) server that bridges Foundry VTT data with Claude Desktop, enabling users to chat with their game world data using their own Claude subscription.

52 13.2M/wk 0 tools GitHub npm

No known CVEs

No license

Actively maintained

Last commit 5d ago

Works with most clients

Transport: stdio, sse, http

0 tools

Grade F

Edit this pageView history

Entertainment

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "foundry-mcp": {
      "env": {
        "FOUNDRY_HOST": "localhost",
        "FOUNDRY_PORT": "31415"
      },
      "args": [
        "path/to/foundry-vtt-mcp/packages/mcp-server/dist/index.js"
      ],
      "command": "node"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/foundry-vtt-mcp)](https://mcppedia.org/s/foundry-vtt-mcp)

Read me

What Foundry Vtt Mcp does

Connect Foundry VTT to Claude Desktop for AI-powered campaign management through the Model Context Protocol (MCP). It currently supports Dungeons and Dragons Fifth Edition and Pathfinder Second Edition. The majority of MCP tools are system agnostic but character creation and compendium tools are only able to work with D&D5e and PF2E.

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'npm' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

59/100across 5 weighted dimensions

How we score →

0255075100

−41

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2022-29244low · fixedCVSS 3.1

Packing does not respect root-level ignore files in workspaces

### Impact `npm pack` ignores root-level `.gitignore` & `.npmignore` file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` with workspaces, as of [v7.9.0](https://github.com/npm/cli/releases/tag/v7.9.0) & [v7.13.0](https://github.com/npm/cli/releases/tag/v7.13.0) respectively, may be affected and have published files into the npm registry they did not intend to include. ### Patch - Up

Affected: >= 7.9.0Fixed in 8.11.0source →

CVE-2018-7408low · fixedCVSS 3

Incorrect Permission Assignment for Critical Resource in NPM

An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.

Affected: >= 0Fixed in 5.7.1source →

CVE-2013-4116info · fixed

Local Privilege Escalation in npm

Affected versions of `npm` use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the `npm` process has permission to write to, potentially resulting in local privilege escalation. ## Recommendation Update to version 1.3.3 or later.

Affected: >= 0Fixed in 1.3.3source →

CVE-2020-15095low · fixedCVSS 3.1

npm CLI exposing sensitive information through logs

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.

Affected: >= 0Fixed in 6.14.6source →

CVE-2019-16777low · fixedCVSS 3.1

npm Vulnerable to Global node_modules Binary Overwrite

Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory. This b

Affected: >= 0Fixed in 6.13.4source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Foundry Vtt Mcp safe to use?: Foundry Vtt Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Foundry Vtt Mcp?: Foundry Vtt Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Foundry Vtt Mcp?: Foundry Vtt Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Foundry Vtt Mcp actively maintained?: Foundry Vtt Mcp is actively maintained — last commit was 5 days ago. It has 52 GitHub stars.

Similar servers

Others in entertainment

View all →

com.mux/mcp94

The official MCP Server for the Mux API

179 7

ai.smithery/ChiR24-unreal_mcp_server92

A comprehensive Model Context Protocol (MCP) server that enables AI assistants to control Unreal E…

653 11

Unity Mcp Server92

Unity MCP Server — 268 tools for AI-assisted game development. Connect Claude, Cursor, or any MCP client to Unity Editor & Unity Hub. Scene management, GameObjects, components, builds, profiling, Shader Graph, Amplify, terrain, physics, NavMesh, animation, MPPM multiplayer & more. Free & open source by AnkleBreaker Studio.

206 2

Strudel Mcp Server91

A Model Context Protocol (MCP) server that gives Claude direct control over Strudel.cc for AI-assisted music generation and live coding.

203 34

MCP Security Weekly

Get CVE alerts and security updates for Foundry Vtt Mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Entertainment

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse, http · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "foundry-mcp": {
      "env": {
        "FOUNDRY_HOST": "localhost",
        "FOUNDRY_PORT": "31415"
      },
      "args": [
        "path/to/foundry-vtt-mcp/packages/mcp-server/dist/index.js"
      ],
      "command": "node"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/foundry-vtt-mcp)](https://mcppedia.org/s/foundry-vtt-mcp)

Read me

What Foundry Vtt Mcp does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y 'npm' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Foundry VTT MCP Bridge

Connect Foundry VTT to Claude Desktop for AI-powered campaign management through the Model Context Protocol (MCP). It currently supports Dungeons and Dragons Fifth Edition, Pathfinder Second Edition, Das Schwarze Augen Fifth Edition, & Cosmere RPG System. The majority of MCP tools are system agnostic or have features that are aware of the system it is working with, excluding some DSA 5 specific tools.

Overview

The Foundry MCP Bridge enables natural AI conversations with your Foundry VTT game data:

Quest Creation: Create quests from prompts that incorporate what exists in your world and journals
Character Management: Query character stats, abilities, and information
Compendium Search: Find items, spells, and creatures using natural language
Content Creation: Generate actors, NPCs, and quest journals from simple prompts
Scene Information: Access current scene data and world details
Dice Coordination: Interactive roll requests with player targeting
Campaign Management: Multi-part quest and campaign tracking
Map Generation: Create maps from prompts and automatically upload them into scenes in Foundry VTT using the optional ComfyUI component

This project was built with the assistance of Claude Code. If you like this project, consider supporting it on Patreon.

Installation

Prerequisites

Foundry VTT v13 or v14
Claude Desktop with MCP support
Windows (for automated installer) or Node.js 18+ for manual installation

Option 1: Windows Installer

Video guide for Windows Installer

Download the latest FoundryMCPServer-Setup-vx.x.x.exe from Releases
Run the installer - it will:
- Install the MCP server with bundled Node.js runtime
- Configure the Claude Desktop MCP server settings
- Optionally install the Foundry module and ComfyUI Map Generation to your VTT installation
- Choose Cuda version for your GPU type during install
Restart Claude Desktop
Enable "Foundry MCP Bridge" in your Foundry Module Management

Option 2: Mac Installer

Download the latest FoundryMCPServer-vx.x.x.dmg from Releases
Run the package installer inside the dmg - it will:
- Open DMG and double-click the PKG installer
- Configure the Claude Desktop MCP server settings
- Optionally install the Foundry module and ComfyUI Map Generation to your Foundry VTT installation
Restart Claude Desktop
Enable "Foundry MCP Bridge" in your Foundry Module Management

Option 3: Manual Installation

Install the Foundry Module

Open Foundry VTT (v13 or v14)
Select install module in the Foundry Add-ons menu
At the bottom of the window, add the Manifest URL as: https://github.com/adambdooley/foundry-vtt-mcp/blob/master/packages/foundry-module/module.json and click install
Enable "Foundry MCP Bridge" in Module Management
- Do not change the module ID or folder name. The MCP backend and the Claude integration both expect the module to live in a directory called foundry-mcp-bridge. Renaming the ID in module.json breaks socket routing and stops Claude from seeing the backend.

Install the MCP Server

# Clone repository
git clone https://github.com/adambdooley/foundry-vtt-mcp.git
cd foundry-vtt-mcp

# Install dependencies and build
npm install
npm run build

Configure Claude Desktop

Add this to your Claude Desktop configuration (claude_desktop_config.json) file:

{
  "mcpServers": {
    "foundry-mcp": {
      "command": "node",
      "args": ["path/to/foundry-vtt-mcp/packages/mcp-server/dist/index.js"],
      "env": {
        "FOUNDRY_HOST": "localhost",
        "FOUNDRY_PORT": "31415"
      }
    }
  }
}

Starting Cla

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

59/100across 5 weighted dimensions

How we score →

0255075100

−41

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2022-29244low · fixedCVSS 3.1

Packing does not respect root-level ignore files in workspaces

Affected: >= 7.9.0Fixed in 8.11.0source →

CVE-2018-7408low · fixedCVSS 3

Incorrect Permission Assignment for Critical Resource in NPM

Affected: >= 0Fixed in 5.7.1source →

CVE-2013-4116info · fixed

Local Privilege Escalation in npm

Affected: >= 0Fixed in 1.3.3source →

CVE-2020-15095low · fixedCVSS 3.1

npm CLI exposing sensitive information through logs

Affected: >= 0Fixed in 6.14.6source →

CVE-2019-16777low · fixedCVSS 3.1

npm Vulnerable to Global node_modules Binary Overwrite

Affected: >= 0Fixed in 6.13.4source →

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Foundry Vtt Mcp safe to use?: Foundry Vtt Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Foundry Vtt Mcp?: Foundry Vtt Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Foundry Vtt Mcp?: Foundry Vtt Mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse and http transport.
Is Foundry Vtt Mcp actively maintained?: Foundry Vtt Mcp is actively maintained — last commit was 5 days ago. It has 52 GitHub stars.