High-risk tools in Godot
26 of the 282 tools in Godot are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
compile_shaderExecuteCompile (reimport) a .gdshader via Godot editor or local validation.
-
editor_bake_lightmapsExecuteTrigger lightmap baking.
-
editor_bake_navigationExecuteBake navigation meshes for all NavigationRegion nodes in current scene.
-
editor_debug_breakExecuteStop execution (break) in debugger.
-
editor_debug_continueExecuteResume execution in debugger.
-
editor_debug_stepExecuteStep into next line in debugger.
-
editor_debug_step_overExecuteStep over current line in debugger.
-
editor_enable_pluginExecuteEnable a named editor plugin.
-
editor_evaluate_expressionExecuteEvaluate a GDScript expression in debugger/editor context.
-
editor_focusExecuteBring the Godot editor window to the foreground.
-
editor_get_class_docExecuteOpen Godot documentation for a class in browser.
-
editor_open_assetExecuteOpen an asset in editor.
-
editor_open_dockExecuteOpen a dock: filesystem, inspector, scene, output.
-
editor_playExecutePlay project from editor.
-
editor_reimport_assetExecuteForce reimport of an asset.
-
editor_reload_sceneExecuteSave and reload current scene.
-
editor_run_gdscriptExecuteExecute arbitrary GDScript code in editor context.
-
editor_run_specific_sceneExecuteRun a specific scene (not just main).
-
editor_set_selectionExecuteSelect node in editor.
-
editor_simulate_keyExecuteSimulate a key press in the editor (e.g. "F5" to run, "Ctrl+S" to save).
-
editor_stopExecuteStop playing in editor.
-
editor_toggle_snapExecuteToggle 3D snap mode.
-
export_projectExecuteExport project via Godot CLI preset.
-
launch_editorExecuteLaunch Godot editor with project.
-
run_projectExecuteRun the Godot project.
-
stop_projectExecuteStop all running Godot processes.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.