High-risk tools in Godot Devtool
15 of the 101 tools in Godot Devtool are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- browser_visualizer_start (Execute): Start a local read-only browser dashboard for Godot editor/runtime bridge status and live-route guidance
- browser_visualizer_stop (Execute): Stop the local Browser visualizer HTTP dashboard
- launch_editor (Execute): Reuse an already connected Godot editor for a project, launch one only when no bridge is connected, and refuse to open a replacement editor when the configured bridge port is oc...
- run_project (Execute): Run the Godot project and capture output
- run_project_checks (Execute): Run stable project checks for CI, review, and release workflows
- stop_project (Execute): Stop the currently running Godot project
- stop_run_instance (Execute): Stop one Godot run instance by runId
- check_gdscript_syntax (Execute): Run Godot --check-only against a GDScript file and return diagnostics
- broker_cleanup_idle (Execute): Stop the transient shared broker listener only when no clients, runs, or pending commands require it
- editor_select_node (Execute): Select a node in the live Godot editor when an editor bridge is available
- editor_undo_redo (Execute): Perform undo or redo in the live Godot editor when an editor bridge is available
- export_project (Execute): Run a controlled Godot export for a configured preset
- navigation (Execute): Create, inspect, configure, bake, query, and debug NavigationRegion and NavigationAgent nodes
- plugin_cleanup_port (Execute): Explicitly inspect and optionally stop stale godot-devtool WebSocket bridge listeners on a local port
- plugin_reload (Execute): Reload the godot-devtool editor plugin through the WebSocket bridge
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.