blender-mcp

Warn

Audited by Socket on May 16, 2026

1 alert found:

Anomaly
AnomalyLOW
SKILL.md

SUSPICIOUS. The core capabilities fit a Blender-control skill, but the install path is weaker than necessary: it fetches a mutable raw GitHub addon from a different personal account than the listed author instead of using a pinned or registry-backed release. Data flow stays local and purpose-aligned, so this is not confirmed malware, but the supply-chain trust is high risk.

Confidence: 89%Severity: 74%
Audit Metadata
Analyzed At
May 16, 2026, 01:46 PM
Package URL
pkg:socket/skills-sh/NousResearch%2Fhermes-agent%2Fblender-mcp%2F@2fe1f65ae070d5d0d38fc1e4be5a66c712fc2949
Security Audit — socket — blender-mcp