unity-mcp

The server connects to the Unity Editor locally via a socket and proxies commands from an MCP client (e.g., Claude Desktop, Cursor). While the default connection is to 'localhost', assuming a trusted environment, there are significant risks: 1. Script Execution: Tools like `create_script` and `update_script` directly pass arbitrary C# code content from the AI client to Unity for creation/modification. If the AI client (or its input) is compromised, this allows arbitrary code execution within the Unity Editor environment, which can lead to full system compromise upon compilation and execution. 2. Command Execution: The `execute_command` tool allows running various Unity Editor commands. While it can validate against available commands, a malicious command could still perform sensitive operations. 3. Asset Manipulation: `import_asset` and `create_prefab` can lead to injecting or modifying potentially harmful assets or configurations if a malicious source is provided. There is no sandboxing or robust content validation for AI-generated code or commands before they are sent to the Unity Editor. The system design inherently trusts the AI's output to be non-malicious.