High-risk tools in Godot MCP Unified
9 of the 83 tools in Godot MCP Unified are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
batch_operationsExecuteExecute multiple MCP tools in sequence with error handling. Useful for complex workflows like creating a scene with multiple nodes and scripts.
-
export_projectExecuteExport a Godot project to a specified platform preset
-
launch_editorExecuteLaunch Godot editor for a specific project
-
run_projectExecuteRun the Godot project and capture output
-
setup_lightmapperExecuteConfigure LightmapGI node in a scene for baked lighting, optionally trigger lightmap baking
-
start_debug_streamExecuteStart a WebSocket server for real-time debug output streaming. Connect with any WebSocket client to receive live Godot debug messages.
-
stop_debug_streamExecuteStop the WebSocket server for debug output streaming
-
stop_projectExecuteStop the currently running Godot project
-
take_screenshotExecuteTake a screenshot of a Godot project by running it briefly
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.