MCP server for interfacing with Godot game engine. Provides tools for launching the editor, running projects, and capturing debug output.
Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"godot": {
"env": {
"DEBUG": "true"
},
"args": [
"@coding-solo/godot-mcp"
],
"command": "npx",
"disabled": false,
"autoApprove": [
"launch_editor",
"run_project",
"get_debug_output",
"stop_project",
"get_godot_version",
"list_projects",
"get_project_info",
"create_scene",
"add_node",
"load_sprite",
"export_mesh_library",
"save_scene",
"get_uid",
"update_project_uids"
]
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A Model Context Protocol (MCP) server for interacting with the Godot game engine.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y '@coding-solo/godot-mcp' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
godot-mcp has Command Injection via unsanitized projectPath
### Impact A Command Injection vulnerability in godot-mcp allows remote code execution. The `executeOperation` function passed user-controlled input (e.g., `projectPath`) directly to `exec()`, which spawns a shell. An attacker could inject shell metacharacters like `$(command)` or `&calc` to execute arbitrary commands with the privileges of the MCP server process. This affects any tool that accepts `projectPath`, including `create_scene`, `add_node`, `load_sprite`, and others. ### Patches
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in entertainment / developer-tools
Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
Manage Supabase projects — databases, auth, storage, and edge functions
MCP Security Weekly
Get CVE alerts and security updates for Godot Mcp and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.