Config is the same across clients — only the file and path differ.
{
"mcpServers": {
"godot": {
"env": {
"DEBUG": "true",
"GODOT_PATH": "/path/to/godot"
},
"args": [
"/absolute/path/to/godot-mcp/build/index.js"
],
"command": "node"
}
}
}Are you the author?
Add this badge to your README to show your security score and help users find safe servers.
A comprehensive Model Context Protocol (MCP) server that gives AI assistants full control over the Godot game engine. 149 tools spanning networking, 3D/2D rendering, UI controls, audio effects, animation trees, file I/O, runtime code execution, property inspection, scene manipulation, signal management, physics, project creation, and more.
Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.
npx -y 'npm' 2>&1 | head -1 && echo "✓ Server started successfully"
After testing, let us know if it worked:
Five weighted categories — click any category to see the underlying evidence.
Packing does not respect root-level ignore files in workspaces
### Impact `npm pack` ignores root-level `.gitignore` & `.npmignore` file exclusion directives when run in a workspace or with a workspace flag (ie. `--workspaces`, `--workspace=<name>`). Anyone who has run `npm pack` or `npm publish` with workspaces, as of [v7.9.0](https://github.com/npm/cli/releases/tag/v7.9.0) & [v7.13.0](https://github.com/npm/cli/releases/tag/v7.13.0) respectively, may be affected and have published files into the npm registry they did not intend to include. ### Patch - Up
Incorrect Permission Assignment for Critical Resource in NPM
An issue was discovered in an npm 5.7.0 2018-02-21 pre-release (marked as "next: 5.7.0" and therefore automatically installed by an "npm upgrade -g npm" command, and also announced in the vendor's blog without mention of pre-release status). It might allow local users to bypass intended filesystem access restrictions because ownerships of /etc and /usr directories are being changed unexpectedly, related to a "correctMkdir" issue.
Local Privilege Escalation in npm
Affected versions of `npm` use predictable temporary file names during archive unpacking. If an attacker can create a symbolic link at the location of one of these temporary file names, the attacker can arbitrarily write to any file that the user which owns the `npm` process has permission to write to, potentially resulting in local privilege escalation. ## Recommendation Update to version 1.3.3 or later.
npm CLI exposing sensitive information through logs
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like `<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>`. The password value is not redacted and is printed to stdout and also to any generated log files.
npm Vulnerable to Global node_modules Binary Overwrite
Versions of the npm CLI prior to 6.13.4 are vulnerable to a Global node_modules Binary Overwrite. It fails to prevent existing globally-installed binaries to be overwritten by other package installations. For example, if a package was installed globally and created a `serve` binary, any subsequent installs of packages that also create a `serve` binary would overwrite the first binary. This will not overwrite system binaries but only binaries put into the global node_modules directory. This b
Click any tool to inspect its schema.
Be the first to review
Have you used this server?
Share your experience — it helps other developers decide.
Sign in to write a review.
Others in entertainment / developer-tools
Copy/paste detector for programming source code, supports 223 formats. AI-ready with token-efficient reporter, skill and MCP server.
XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.
A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.
Manage Supabase projects — databases, auth, storage, and edge functions
MCP Security Weekly
Get CVE alerts and security updates for Godot MCP Server and similar servers.
Start a conversation
Ask a question, share a tip, or report an issue.
Sign in to join the discussion.
A comprehensive Model Context Protocol (MCP) server that gives AI assistants full control over the Godot game engine. 157 tools spanning networking, 3D/2D rendering, UI controls, audio effects, animation trees, file I/O, runtime code execution, property inspection, scene manipulation, signal management, physics, project creation, and more.
This project is built upon and extends godot-mcp by Solomon Elias (Coding-Solo). The original project provided the foundational architecture including the TypeScript MCP server, headless GDScript operations system, and TCP-based runtime interaction server. Thank you for making this possible with your excellent open-source work!
The original godot-mcp provided 20 tools for basic project management and scene creation. This fork extends it to 157 tools with the following major additions:
validate_script autoload resolution - Script validation now compiles the target through a SceneTree at _initialize() (after project autoloads are registered) instead of --check-only at _init(). References to autoload singletons no longer produce false Identifier not found errors, while real syntax/type errors are still caught. Verified building a full game whose scripts reference several autoloads.manage_input_map event merging - Adding a second key to an existing input action now merges it into that action's events array (with physical_keycode de-duplication) instead of writing a duplicate actionname= line, which previously left project.godot malformed and silently dropped earlier bindings.create_project with dotnet: true, create_csharp_script); the .csproj SDK version is matched to your installed Godot.validate_script, and validate_scripts for all git-changed or project-wide files).game_eval - Execute arbitrary GDScript code in the running game with return valuesawait support for async GDScript codePROCESS_MODE_ALWAYS)game_get_property / game_set_property - Read/write any property on any node by pathgame_call_method - Call any method on any node with argumentsgame_get_node_info - Full node introspection: properties, signals, methods, childrengame_instantiate_scene - Dynamically add scenes to the running gamegame_remove_node - Remove nodes at runtimegame_change_scene - Switch scenes at runtimegame_reparent_node - Move nodes between parents