Is Unitree Go2 Mcp Server safe to use?

Unitree Go2 Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Unitree Go2 Mcp Server?

Unitree Go2 Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What AI clients work with Unitree Go2 Mcp Server?

Unitree Go2 Mcp Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.

Is Unitree Go2 Mcp Server actively maintained?

Unitree Go2 Mcp Server is less actively maintained — last commit was 332 days ago. It has 76 GitHub stars.

Unitree Go2 Mcp Server

The Unitree Go2 MCP Server is a server built on the MCP that enables users to control the Unitree Go2 robot using natural language commands interpreted by a LLM.

StaleNot tested

AI / ML

★ 76PyPI GitHub

51CNo CVEsstaleApache-2.0

Quick Install

{
  "mcpServers": {
    "unitree-go2-mcp-server": {
      "args": [
        "uv"
      ],
      "command": "uvx"
    }
  }
}

Setup guide

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/unitree-go2-mcp-server)](https://mcppedia.org/s/unitree-go2-mcp-server)

Should you use this server?

The Unitree Go2 MCP Server is a server built on the Model Context Protocol (MCP) that enables users to control the Unitree Go2 robot using natural language commands interpreted by a Large Language Model (LLM). These commands are translated into ROS2 instructions, allowing the robot to perform corresponding actions.

✓

Is it safe?

No known CVEs for uv. 3 previously resolved.

No authentication — any process on your machine can connect.

Apache-2.0. View license →

Is it maintained?

Last commit 332 days ago. 76 stars.

Will it work with my client?

Transport: stdio, http. Works with Claude Desktop, Cursor, Claude Code, and most MCP clients.

Test This Server

This server supports HTTP transport. Be the first to test it — help the community know if it works.

Score Breakdown

MCPpedia Score

Click each category to see evidence

51C

Last scored 1d ago

How we score →

Security

23/30

Advisories (0 open, 3 fixed)

mediumCVSS 4CVE-2025-13327Fixed

uv allows ZIP payload obfuscation through parsing differentials

### Impact In versions 0.9.5 and earlier of uv, ZIP archives were handled in a manner that enabled two parsing differentials against other components of the Python packaging ecosystem: 1. Central directory entries in a ZIP archive can contain comment fields. However, uv would assume that these fields were not present, since they aren't widely used. Consequently, a ZIP archive could be constructed where uv would interpret the contents of a central directory comment field as ZIP control structur

Affected: >= 0Fixed in 0.9.6Published Oct 29, 2025source \u2192

infoGHSA-w476-p2h3-79g9Fixed

uv has differential in tar extraction with PAX headers

### Impact In versions 0.9.4 and earlier of uv, tar archives containing PAX headers with file size overrides were not handled properly. As a result, an attacker could contrive a source distribution (as a tar archive) that would extract differently when installed via uv versus other Python package installers. The underlying parsing differential here originates with astral-tokio-tar, which disclosed this vulnerability as CVE-2025-62518. In practice, the impact of this vulnerability is **low**:

Affected: >= 0Fixed in 0.9.5Published Oct 21, 2025source \u2192

mediumCVSS 4CVE-2025-54368Fixed

uv allows ZIP payload obfuscation through parsing differentials

## Impact In versions 0.8.5 and earlier of uv, remote ZIP archives were handled in a streamwise fashion, and file entries were not reconciled against the archive's central directory. This enabled two parser differentials against other Python package installers: 1. An attacker could contrive a ZIP archive that would extract with legitimate contents on some package installers, and malicious contents on others due to multiple local file entries. The attacker could choose which installer to target

Affected: >= 0Fixed in 0.8.6Published Aug 7, 2025source \u2192

Frequently Asked Questions

Is Unitree Go2 Mcp Server safe to use?: Unitree Go2 Mcp Server has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Unitree Go2 Mcp Server?: Unitree Go2 Mcp Server supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What AI clients work with Unitree Go2 Mcp Server?: Unitree Go2 Mcp Server is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and http transport.
Is Unitree Go2 Mcp Server actively maintained?: Unitree Go2 Mcp Server is less actively maintained — last commit was 332 days ago. It has 76 GitHub stars.

Unitree Go2 Mcp Server

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Advisories (0 open, 3 fixed)

Reviews

Frequently Asked Questions

Similar servers

Sequential Thinking MCP Server

Arxiv Mcp Server

Gemini Cli

Python Sdk

Discussion