Dear Authors / Maintainers,
We are researchers from the University of St. Gallen studying how to make Model Context Protocol (MCP) servers safer to run via a sandboxed permission system. As part of our study, we auto-generated a permission manifest for your MCP server and would love your feedback on whether it is correct and complete.
The MCP server in question is: Blender
Please review the manifest below and let us know:
- Are the permissions and their scopes correct?
- Are any permissions missing?
- Do any permissions need to be runtime-scoped (e.g., a specific project directory) rather than global?
Proposed manifest (please review)
```json
{
  "description": "BlenderMCP is an MCP server that connects to a Blender addon over a local TCP socket to inspect and manipulate Blender scenes, execute Python in Blender, capture viewport screenshots, and coordinate asset workflows (PolyHaven, Sketchfab, Hyper3D) via the addon. The MCP server itself requires local socket access, temp file access for screenshots, and environment variables to locate the addon.",
  "permissions": [
    "mcp.ac.network.client",
    "mcp.ac.system.env.read",
    "mcp.ac.filesystem.read",
    "mcp.ac.filesystem.delete"
  ]
}
```
Please let us know if you have any questions and/or remarks.
In case you want to see the (current) full permission system:
MCP Permission System
| Permission | Description | Notes |
|---|---|---|
| mcp.ac.filesystem.read | Read files/directories | |
| mcp.ac.filesystem.write | Write/create files | |
| mcp.ac.filesystem.delete | Delete files or directories | |
| mcp.ac.system.env.read | Read environment variables | e.g., API_KEY, PATH |
| mcp.ac.system.env.write | Set environment variables | setting the env variables |
| mcp.ac.system.exec | Execute OS commands | CLI runners, shells |
| mcp.ac.system.process | List or kill processes | |
| mcp.ac.network.client | General Outgoing network access | |
| mcp.ac.network.server | Accept incoming connections | |
| mcp.ac.network.bluetooth | Use Bluetooth connections | macOS TCC-protected |
| mcp.ac.peripheral.camera | Capture images/video | macOS TCC-controlled |
| mcp.ac.peripheral.microphone | Record audio | TCC-protected |
| mcp.ac.peripheral.speaker | Play audio | |
| mcp.ac.peripheral.screen.capture | Screen capture | Requires consent (macOS: Screen Recording) |
| mcp.ac.location | Access location data | From Wi-Fi, IP, GNSS |
| mcp.ac.notifications.post | Show system notifications | macOS/Windows |
| mcp.ac.clipboard.read / .write | Read/write clipboard | Copy-paste support |
Thank you very much for your time and your efforts in making MCP more secure.
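
As an added illustration of the runtime-scoping question raised in the issue (this is not code from the researchers or from BlenderMCP): a deny-by-default check that treats a filesystem permission as either global or confined to a directory. The `SCOPES` mapping, the `/tmp/blender-mcp` directory and the function names are assumptions, since the issue does not define a scope syntax.

```python
import json
import os

# Permission list as proposed in the issue (description omitted).
MANIFEST = json.loads("""
{
  "permissions": [
    "mcp.ac.network.client",
    "mcp.ac.system.env.read",
    "mcp.ac.filesystem.read",
    "mcp.ac.filesystem.delete"
  ]
}
""")

# Hypothetical runtime scopes (not part of the proposed manifest format):
# permission -> directories it is confined to. No entry means global.
# The directory name is a constructed placeholder.
SCOPES = {
    "mcp.ac.filesystem.read": ["/tmp/blender-mcp"],
    "mcp.ac.filesystem.delete": ["/tmp/blender-mcp"],
}


def _inside(path, root):
    """True if path, after resolving '..' and symlinks, lies under root."""
    real_path = os.path.realpath(path)
    real_root = os.path.realpath(root)
    # commonpath compares whole path components, so a sibling such as
    # /tmp/blender-mcp-other does not pass as a plain prefix match would.
    return os.path.commonpath([real_path, real_root]) == real_root


def check_fs_access(permission, path, manifest=MANIFEST, scopes=SCOPES):
    """Return (allowed, reason) for a filesystem operation on path."""
    if permission not in manifest["permissions"]:
        return False, "permission not granted in manifest"  # deny by default
    roots = scopes.get(permission)
    if roots is None:
        return True, "granted globally"
    if any(_inside(path, root) for root in roots):
        return True, "inside runtime scope"
    return False, "outside runtime scope"
```

With an empty scope map, the same `mcp.ac.filesystem.delete` grant applies to every path the process can reach, which is the difference the scoping question is about.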