foundry-vtt-mcp

The server architecture is designed with security in mind, employing a registry pattern and Zod schemas for input validation. Critical operations, such as character data extraction and content creation, are restricted to Game Master (GM) users in Foundry VTT, with additional configurable permissions for write operations ('Allow Write Operations' setting). The use of `execSync` and `spawn` for process execution is isolated to installation scripts (e.g., for Python/ComfyUI) and internal backend management (e.g., spawning the ComfyUI service), rather than processing arbitrary user input. No direct `eval` of user input is observed. Network communication uses WebSocket and WebRTC, typical for such applications. There are no obvious hardcoded API keys or sensitive credentials exposed. The biggest remaining risks would be a vulnerability in the underlying Foundry VTT API itself, or an undiscovered injection vector in the prompt processing that could bypass validation and lead to unintended system commands, though current code mitigates this by abstracting actions through specific tools. Requires user's Claude Pro/Max plan for MCP access, which implies an additional layer of external security.