godot-mcp-native

CRITICAL E006: Malicious code pattern detected in skill scripts.

• Malicious code pattern detected (high risk: 0.90). The skill exposes an HTTP MCP server (default auth disabled) that can read and modify project files, execute arbitrary GDScript in the editor and at runtime, capture logs/screenshots, and install runtime probes — providing clear remote code-execution and data-exfiltration capabilities that can be abused as a backdoor if network-accessible or misconfigured.