ai.smithery/ChiR24-unreal_mcp

7.0

Control Unreal Engine to browse assets, import content, and manage levels and sequences. Automate…

streamable-httpai-ml developer-tools automation

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-chir24-unreal-mcp": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@ChiR24/unreal_mcp/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-chir24-unreal-mcp": {
      "url": "https://server.smithery.ai/@ChiR24/unreal_mcp/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior4

Stability--

Findings (6)

high

vague-description

Incomplete and Truncated Description

The server description is cut off mid-sentence ('Automate…'), making it impossible to fully understand the server's intended scope and capabilities. This incomplete documentation raises concerns about whether the server's actual functionality matches its stated purpose.

high

network-access

Remote HTTP Endpoint Without Visible Authentication

The server operates as a remote HTTP endpoint (streamable-http) accessible via https://server.smithery.ai/@ChiR24/unreal_mcp/mcp. Remote servers are inherently higher risk than local stdio servers, and no authentication mechanism is documented.

medium

excessive-scope

Broad Unreal Engine Control Claims

The server claims to 'control Unreal Engine' with capabilities including browsing assets, importing content, and managing levels and sequences. This represents significant control over a complex application and could enable unintended modifications or data access.

medium

code-execution

Potential for Unreal Engine Script/Blueprint Execution

A server that manages Unreal Engine levels, sequences, and assets may have the ability to execute scripts or blueprints within the engine, which could be leveraged for unintended code execution.

low

info

Tool Definitions Not Available

Tool definitions could not be fetched from the server, preventing detailed analysis of input validation, prompt injection risks, and specific capability constraints.

info

vague-description

Semantic Analysis Summary

This Unreal Engine control server presents moderate-to-high risk due to its remote HTTP endpoint, incomplete documentation, and broad claims of engine control without visible authentication or detailed capability documentation. The inability to inspect tool definitions prevents thorough security analysis. The repository link is a positive trust signal, but the truncated description and remote exposure warrant caution.

Last scanned 1h ago

Details

Version: 0.4.6
Transport: streamable-http
Capabilities
Repository: ChiR24/Unreal_mcp