Blueprint reading, authoring, and compilation. Covers variables, functions, graphs, nodes, components, interfaces, and event dispatchers. Actions: - read: Read BP structure incl. SCS components AND inherited native components from the CDO (CharacterMesh0, CharMoveComp, etc.). Params: assetPath, i...
Risk signalsAccepts freeform code/query input (query) · High parameter count (64 properties)
Part of the Ue server.
Free to start. No card required.
AI agents may call blueprint to permanently remove or destroy resources in Ue. Without a policy, an autonomous agent could delete critical data in a loop with no way to undo the damage. PolicyLayer blocks destructive tools by default and requires explicit human approval before enabling them.
Without a policy, an AI agent could call blueprint in a loop, permanently destroying resources in Ue. There is no undo for destructive operations. PolicyLayer blocks this tool by default and only allows it when a human explicitly approves the action.
Destructive tools permanently remove data. Block by default. Only enable with explicit approval workflows.
{
"version": "1",
"default": "deny",
"hide": [
"blueprint"
]
}See the full Ue policy for all 22 tools.
These attack patterns abuse exactly the kind of access blueprint gives an agent. Each links to the full case and the policy that stops it:
Other destructive tools across the catalogue. The same approach applies to each: deny by default, or require human approval.
Blueprint reading, authoring, and compilation. Covers variables, functions, graphs, nodes, components, interfaces, and event dispatchers. Actions: - read: Read BP structure incl. SCS components AND inherited native components from the CDO (CharacterMesh0, CharMoveComp, etc.). Params: assetPath, includeComponentProperties? (dump UPROPERTY name/type/value per component template; off by default) (#353/#370) - list_variables: List variables. Params: assetPath - list_functions: List functions/graphs. Params: assetPath - read_graph: Read graph nodes. Params: assetPath, graphName - read_graph_summary: Lightweight graph summary (nodes+edges only, ~10KB). Params: assetPath, graphName? - get_execution_flow: Trace exec pins from an entry point. Params: assetPath, graphName?, entryPoint? - get_dependencies: Forward (classes/functions/assets) or reverse (referencers) deps. Params: assetPath, reverse? - create: Create Blueprint. Params: assetPath, parentClass? - add_variable: Add variable. Params: assetPath, name, varType - set_variable_properties: Edit variable properties. Params: assetPath, name, instanceEditable?, blueprintReadOnly?, category?, tooltip?, replicationType?, exposeOnSpawn? - create_function: Create function. Params: assetPath, functionName - delete_function: Delete function. Params: assetPath, functionName - rename_function: Rename function. Params: assetPath, oldName, newName - add_node: Add graph node. Params: assetPath, graphName?, nodeClass, nodeParams? - delete_node: Delete node. Params: assetPath, graphName, nodeName - set_node_property: Set node pin default or struct property. Params: assetPath, graphName, nodeName, propertyName, value - connect_pins: Wire nodes. Params: sourceNode, sourcePin, targetNode, targetPin, assetPath, graphName? - add_component: Add BP component. Params: assetPath, componentClass, componentName?, parentComponent? (SCS parent for hierarchy — #115) - remove_component: Remove SCS component. Params: assetPath, componentName - set_component_property: Set property on SCS or inherited component. Inherited components go through the child BP's InheritableComponentHandler override template so the parent stays untouched. Pass value=null to clear a TObjectPtr/SoftObject/WeakObject/UClass/Interface reference (e.g. clear AnimClass on CharacterMesh0) (#420). Params: assetPath, componentName, propertyName, value - set_capsule_size: Call UCapsuleComponent::SetCapsuleSize on a CapsuleComponent template (CharacterMovement-friendly path; raw property writes leave the visualizer stale). Pass either or both of halfHeight/radius. Returns the new + previous values. Params: assetPath, componentName, halfHeight?, radius? (#419) - get_component_property: Read a single property value from an SCS or inherited component template. Returns the ICH override value for child BPs if one exists. Params: assetPath, componentName, propertyName - set_class_default: Set UPROPERTY on Blueprint CDO. Pass value=null to clear an object/class/interface reference (#420). Params: assetPath, propertyName, value - delete_variable: Delete a member variable. Params: assetPath, name - add_function_parameter: Add input or output parameter to a function. Params: assetPath, functionName, parameterName, parameterType?, isOutput? - set_variable_default: Set default value on a BP variable. Params: assetPath, name, value - compile: Compile Blueprint. Params: assetPath - list_node_types: List node types. Params: category?, includeFunctions? - search_node_types: Search nodes. Params: query - create_interface: Create BP Interface. Params: assetPath - add_interface: Implement interface. Params: blueprintPath, interfacePath - list_graphs: List all graphs in a blueprint. Params: assetPath - add_event_dispatcher: Add event dispatcher (multicast delegate variable + signature graph + UFunction). Without parameters, broadcasters fire void(). With parameters, the signature graph gets typed user pins so K2Node_CallDelegate compiles cleanly (#276). Params: blueprintPath, name, parameters?: [{name, type}] where type is bool/int/float/string/name/text/vector/rotator/transform/object:/Script/Module.Class/struct:/Script/Module.Struct - duplicate: Duplicate blueprint asset. Params: sourcePath, destinationPath - add_local_variable: Add function-scope local variable. Params: assetPath, functionName, name, varType? - list_local_variables: List local variables in a function. Params: assetPath, functionName - validate: Validate blueprint without saving (compile + collect diagnostics). Params: assetPath - read_component_properties: Dump ALL UPROPERTYs on a BP component template incl. array contents (#105). Params: assetPath, componentName - read_node_property: Read a node pin default OR a reflected node property for verification (#102). Params: assetPath, graphName?, nodeName, propertyName - reparent_component: Reparent an SCS component under a new parent (#115). Params: assetPath, componentName, newParent - reparent: Change a Blueprint's ParentClass and recompile (#138). Params: assetPath, parentClass (short name or full path). - set_actor_tick_settings: Set actor CDO tick settings (#116). Params: assetPath, bCanEverTick?, bStartWithTickEnabled?, TickInterval? - export_nodes_t3d: Export graph nodes as T3D text (Ctrl+C equivalent) for bulk round-trip (#130). Params: assetPath, graphName?, nodeIds? (omit = whole graph) - import_nodes_t3d: Paste a T3D node blob into a graph (Ctrl+V equivalent) for bulk authoring (#130). Params: assetPath, graphName?, t3d, posX?, posY? - set_cdo_property: Set UPROPERTY on any C++ class CDO (not just Blueprints). Params: className, propertyName, value (#182/#183) - get_cdo_properties: Read UPROPERTY values from any C++ class CDO. Params: className, propertyNames? (#183) - run_construction_script: Spawn temp actor, run construction script, return generated components and transforms. Params: assetPath, location? (#195) - compile_all: Batch compile + save Blueprints. Params: assetPaths[], save? (default true). Returns per-path status (compiled/failed/not_found) (#284) - cleanup_graph: Remove orphan/corrupted nodes (no class, blank title+no pins, missing target UFunction). Params: assetPath, graphName? (default: every graph) (#285) - connect_pins_batch: Apply many pin connections in one call (single compile + save). Params: assetPath, graphName?, connections[]: [{sourceNode, sourcePin, targetNode, targetPin}] (#267) - set_node_position: Move a graph node to (posX, posY). Params: assetPath, graphName?, nodeId, posX, posY (#277) - auto_layout: Topological layered layout for a graph. Eliminates the (0,0) stack from programmatic add_node. Params: assetPath, graphName?, columnGap? (default 360), rowGap? (default 200) (#277). It is categorised as a Destructive tool in the Ue MCP Server, which means it can permanently delete or destroy data. Block by default and require explicit approval.
Register the Ue MCP server in PolicyLayer and add a rule for blueprint: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Ue. Nothing to install.
blueprint is a Destructive tool with critical risk. Critical-risk tools should be blocked by default and only enabled with explicit human approval.
Yes. Add a rate_limit block to the blueprint rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for blueprint. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
blueprint is provided by the Ue MCP server (ue-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 22 Ue tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.