Is Nuke_mcp safe to use?

Nuke_mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.

How do I install Nuke_mcp?

Nuke_mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Nuke_mcp do?

Nuke_mcp provides 13 tools: get_script_info, get_node_info, create_node, modify_node, delete_node and 8 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Nuke_mcp?

Nuke_mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.

Is Nuke_mcp actively maintained?

Nuke_mcp is less actively maintained — last commit was 207 days ago. It has 27 GitHub stars.

Nuke_mcp

Name: Nuke_mcp
Author: dughogan

fastmcp · by dughogan

MCP Server and Tool code for Nuke

27 13 tools GitHub PyPI

No known CVEs

No license

Stale

Last commit 207d ago

Works with most clients

Transport: stdio, sse

13 tools · ~749 tok

Grade B · 0.4% of 200K ctx

Edit this pageView history

Design Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "nuke": {
      "args": [
        "/path/to/your/nuke-mcp/main.py"
      ],
      "command": "python",
      "trusted": true
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/nuke-mcp)](https://mcppedia.org/s/nuke-mcp)

Read me

What Nuke_mcp does

A bridge between The Foundry's Nuke and AI systems using the Model Context Protocol (MCP).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

74/100across 5 weighted dimensions

How we score →

0255075100

−26

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

## Technical Description The `OpenAPIProvider` in FastMCP exposes internal APIs to MCP clients by parsing OpenAPI specifications. The `RequestDirector` class is responsible for constructing HTTP requests to the backend service. A critical vulnerability exists in the `_build_url()` method. When an OpenAPI operation defines path parameters (e.g., `/api/v1/users/{user_id}`), the system directly substitutes parameter values into the URL template string **without URL-encoding**. Subsequently, `urll

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

## Summary While testing the *GitHubProvider* OAuth integration, which allows authentication to a FastMCP MCP server via a FastMCP OAuthProxy using GitHub OAuth, it was discovered that the FastMCP OAuthProxy does not properly validate the user's consent upon receiving the authorization code from GitHub. In combination with GitHub’s behavior of skipping the consent page for previously authorized clients, this introduces a Confused Deputy vulnerability. ## Technical Details An adversary can initi

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Server names containing shell metacharacters (e.g., `&`) can cause command injection on Windows when passed to `fastmcp install claude-code` or `fastmcp install gemini-cli`. These install paths use `subprocess.run()` with a list argument, but on Windows the target CLIs often resolve to `.cmd` wrappers that are executed through `cmd.exe`, which interprets metacharacters in the flattened command string. PoC: ```python from fastmcp import FastMCP mcp = FastMCP(name="test&calc") @mcp.tool def rol

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

While testing the OAuth Proxy implementation, it was noticed that the server does not properly respect the `resource` parameter submitted by the client in the authorization and token request. Instead of issuing the token explicitly for this MCP server, the token is issued for the `base_url` passed to the `OAuthProxy` during initialization. **Affected File:** *https://github.com/jlowin/fastmcp/blob/main/src/fastmcp/server/auth/oauth_proxy.py#L828* **Affected Code:** ```python self._jwt_issuer:

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

There was a recent CVE report on MCP: https://nvd.nist.gov/vuln/detail/CVE-2025-66416. FastMCP does not use any of the affected components of the MCP SDK directly. However, FastMCP versions prior to 2.14.0 did allow MCP SDK versions <1.23 that were vulnerable to CVE-2025-66416. Users should upgrade to FastMCP 2.14.0 or later.

Affected: >= 0Fixed in 2.14.0source →

Inventory

Tools (13)

Click any tool to inspect its schema.

~749 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Nuke_mcp safe to use?: Nuke_mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Nuke_mcp?: Nuke_mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Nuke_mcp do?: Nuke_mcp provides 13 tools: get_script_info, get_node_info, create_node, modify_node, delete_node and 8 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Nuke_mcp?: Nuke_mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Nuke_mcp actively maintained?: Nuke_mcp is less actively maintained — last commit was 207 days ago. It has 27 GitHub stars.

Similar servers

Others in design / developer-tools

View all →

XcodeBuildMCP97

A Model Context Protocol (MCP) server and CLI that provides tools for agent use when working on iOS and macOS projects.

5.8k 2

XcodeBuildMCP97

XcodeBuildMCP provides tools for Xcode project management, simulator management, and app utilities.

5.8k 1

Mcp_agent_mail96

Asynchronous coordination layer for AI coding agents: identities, inboxes, searchable threads, and advisory file leases over FastMCP + Git + SQLite

2.0k 6

Figma Console Mcp96

MCP server for accessing Figma plugin console logs and screenshots via Cloudflare Workers or local mode

1.7k 2

MCP Security Weekly

Get CVE alerts and security updates for Nuke_mcp and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Design Developer Tools

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "nuke": {
      "args": [
        "/path/to/your/nuke-mcp/main.py"
      ],
      "command": "python",
      "trusted": true
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/nuke-mcp)](https://mcppedia.org/s/nuke-mcp)

Read me

What Nuke_mcp does

A bridge between The Foundry's Nuke and AI systems using the Model Context Protocol (MCP).

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

uvx 'fastmcp' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Nuke-MCP

A bridge between The Foundry's Nuke and AI systems using the Model Context Protocol (MCP).

Overview

Nuke-MCP allows AI assistants to interact with Nuke through a socket connection, enabling them to:

Get information about Nuke scripts
Create, modify, and delete nodes
Position nodes in the node graph
Connect nodes together
Control playback and rendering
Execute arbitrary Python code in Nuke

Components

Nuke Addon (nuke_mcp_addon.py): A Nuke script that creates a socket server within Nuke
MCP Server (nuke_mcp_server.py): A Python server that connects to the Nuke addon and exposes tools to AI systems
Entry Point (main.py): A simple script to start the MCP server

Installation

Prerequisites

The Foundry's Nuke (any recent version should work)
Python 3.7+
FastMCP package
Claude Desktop

Installing the FastMCP package

pip install fastmcp

Installing Nuke-MCP

Clone or download this repository
Copy nuke_mcp_addon.py to your Nuke scripts folder or a location in your Nuke Python path

Usage

Installing the Nuke Addon

Copy the Addon File:
- Take the nuke_mcp_addon.py file and place it in a location where Nuke can find it:
  - Copy it to your Nuke scripts folder (usually in ~/.nuke/python on Linux/Mac or in your home directory on Windows)
  - Or place it in a folder that's in your Nuke Python path
Create a Startup Script (Recommended):
- Create or edit an existing init.py file in your .nuke directory
- Add the following line to automatically load the addon when Nuke starts and making sure you're pointing to the python subfolder where the MCP tools live:
```
nuke.pluginAddPath("./python")

import nuke_mcp_addon
```
Manual Loading (Alternative):
- If you don't want to load it automatically, you can manually load it each time by:
  - Opening Nuke
  - Make sure you have a python subfolder setup in the init.py where the MCP tools live
  - Going to the Script Editor panel
  - Running import nuke_mcp_addon

Docking the NukeMCP Panel

By default, the NukeMCP panel opens as a floating window. If you prefer to have it docked in Nuke's interface, you can modify the NukeMCPPanel class in nuke_mcp_addon.py:

# Find the NukeMCPPanel class definition (around line 380)
class NukeMCPPanel(nukescripts.PythonPanel):
    def __init__(self):
        nukescripts.PythonPanel.__init__(self, 'Nuke MCP', 'com.example.NukeMCP')
        # ... existing code ...

# Add this method to enable docking
    def addToPane(self):
        pane = nuke.getPaneFor('Properties.1')
        if not pane:
            pane = nuke.getPaneFor('Viewer.1')
        self.setMinimumSize(300, 200)  # Set a reasonable minimum size
        return pane.addPermanentAsQWidget(self)

# Modify the show_panel function to use docking
def show_panel():
    """Show the NukeMCP panel"""
    global _panel
    if _panel is None:
        _panel = NukeMCPPanel()
    
    # Show as docked panel instead of floating window
    pane = _panel.addToPane()
    if pane:
        _panel.setParent(pane)

You can also modify how the panel appears in the menu. Based on your menu.py file, you have:

# MCP Tools
nuke.toolbar("Nodes").addCommand('NukeMCP/NukeMCP Panel', 'nuke_mcp_addon.show_panel()')

To ensure it's properly integrated with your existing toolbar structure, make sure this line is uncommented in your menu.py file.

Troubleshooting

To use Nuke-MCP with Claude Desktop, follow these steps:

Download and Install Claude Desktop:
- Download Claude Desktop from Anthropic's website
- Install and set up your account
Enable Developer Mode:
- Open Claude Desktop
- Go to Settings
- Enable Developer Mode (this might require specific permissions)
Edit the Configuration File:
- In Claude Desktop settings, click "Edit Config" (or directly ed

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

74/100across 5 weighted dimensions

How we score →

0255075100

−26

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

8 fixed

CVE-2026-32871low · fixedCVSS 3.1

FastMCP OpenAPI Provider has an SSRF & Path Traversal Vulnerability

Affected: >= 0Fixed in 3.2.0source →

CVE-2026-27124medium · fixedCVSS 4

FastMCP: Missing Consent Verification in OAuth Proxy Callback Facilitates Confused Deputy Vulnerabilities

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-64340low · fixedCVSS 3.1

FastMCP has a Command Injection vulnerability - Gemini CLI

Affected: >= 0Fixed in 3.2.0source →

CVE-2025-69196medium · fixedCVSS 4

FastMCP OAuth Proxy token reuse across MCP servers

Affected: >= 0Fixed in 2.14.2source →

GHSA-rcfx-77hg-w2wvinfo · fixed

FastMCP updated to MCP 1.23+ due to CVE-2025-66416

Affected: >= 0Fixed in 2.14.0source →

Inventory

Tools (13)

Click any tool to inspect its schema.

~749 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Nuke_mcp safe to use?: Nuke_mcp has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments.
How do I install Nuke_mcp?: Nuke_mcp supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Nuke_mcp do?: Nuke_mcp provides 13 tools: get_script_info, get_node_info, create_node, modify_node, delete_node and 8 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Nuke_mcp?: Nuke_mcp is compatible with claude-desktop, cursor, claude-code. It uses stdio and sse transport.
Is Nuke_mcp actively maintained?: Nuke_mcp is less actively maintained — last commit was 207 days ago. It has 27 GitHub stars.