Is Godot Mcp safe to use?

Godot Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Godot Mcp?

Godot Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Godot Mcp do?

Godot Mcp provides 14 tools: launch_editor, run_project, get_debug_output, stop_project, get_godot_version and 9 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Godot Mcp?

Godot Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.

Is Godot Mcp actively maintained?

Godot Mcp is actively maintained — last commit was 21 days ago. It has 2,946 GitHub stars.

Godot Mcp

MCP server for interfacing with Godot game engine. Provides tools for launching the editor, running projects, and capturing debug output.

ActiveNot tested

Entertainment

★ 2.9k↓ 1.6k/wknpm GitHub

87ANo CVEsactive14 toolsMIT

Quick Install

{
  "mcpServers": {
    "godot": {
      "env": {
        "DEBUG": "true"
      },
      "args": [
        "@coding-solo/godot-mcp"
      ],
      "command": "npx",
      "disabled": false,
      "autoApprove": [
        "launch_editor",
        "run_project",
        "get_debug_output",
        "stop_project",
        "get_godot_version",
        "list_projects",
        "get_project_info",
        "create_scene",
        "add_node",
        "load_sprite",
        "export_mesh_library",
        "save_scene",
        "get_uid",
        "update_project_uids"
      ]
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/godot-mcp)](https://mcppedia.org/s/godot-mcp)

Should you use this server?

MCP server for interfacing with Godot game engine. Provides tools for launching the editor, running projects, and capturing debug output.

✓

Is it safe?

No known CVEs for @coding-solo/godot-mcp. 1 previously resolved.

No authentication — any process on your machine can connect.

MIT. View license →

✓

Is it maintained?

Last commit 21 days ago. 2,946 stars. 1,561 weekly downloads.

Will it work with my client?

Transport: stdio, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Score Breakdown

MCPpedia Score

Click each category to see evidence

87A

Last scored 1d ago

How we score →

Tools (14)

launch_editor

Open the Godot editor for a specific project

run_project

Execute Godot projects in debug mode

get_debug_output

Retrieve console output and error messages from running projects

stop_project

Stop a running Godot project

get_godot_version

Retrieve the installed Godot version

list_projects

Find Godot projects in a specified directory

get_project_info

Get detailed information about project structure

create_scene

Create new scenes with specified root node types

add_node

Add nodes to existing scenes with customizable properties

load_sprite

Load sprites and textures into Sprite2D nodes

Security

28/30

No open vulnerabilities. 1 fixed CVE.

✓

Known CVEs — No known CVEs for @coding-solo/godot-mcpcheck OSV.dev

✗

Tool safety — Found: code execution

✓

Tool poisoning — No poisoning indicators detected

○

Injection vectors — Found: unconstrained exec input

✓

Tool stability — Tool definitions stable

○

Dependency health — found on deps.dev, recently updated

✓

License — License: MIT

○

Authentication — No authentication required

○

Repository — active repo

Advisories (0 open, 1 fixed)

lowCVSS 3.1CVE-2026-25546Fixed

godot-mcp has Command Injection via unsanitized projectPath

### Impact A Command Injection vulnerability in godot-mcp allows remote code execution. The `executeOperation` function passed user-controlled input (e.g., `projectPath`) directly to `exec()`, which spawns a shell. An attacker could inject shell metacharacters like `$(command)` or `&calc` to execute arbitrary commands with the privileges of the MCP server process. This affects any tool that accepts `projectPath`, including `create_scene`, `add_node`, `load_sprite`, and others. ### Patches

Affected: >= 0Fixed in 0.1.1Published Feb 4, 2026source \u2192

CVEs checked daily via OSV.dev. Score algorithm is open source.

Frequently Asked Questions

Is Godot Mcp safe to use?: Godot Mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Godot Mcp?: Godot Mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Godot Mcp do?: Godot Mcp provides 14 tools: launch_editor, run_project, get_debug_output, stop_project, get_godot_version and 9 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Godot Mcp?: Godot Mcp is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.
Is Godot Mcp actively maintained?: Godot Mcp is actively maintained — last commit was 21 days ago. It has 2,946 GitHub stars.

Godot Mcp

Quick Install

Should you use this server?

Score Breakdown

MCPpedia Score

Test This Server

Tools (14)

Help improve this page

Security

Advisories (0 open, 1 fixed)

Reviews

Frequently Asked Questions

Similar servers

MediaWiki MCP Server

Apple Docs Mcp

Ggmcp

Mcp Server Youtube Transcript

Discussion