Skip to content

chore(deps): update dependency blender-mcp to v1.6.4#718

Open
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/blender-mcp-1.x
Open

chore(deps): update dependency blender-mcp to v1.6.4#718
renovate[bot] wants to merge 1 commit into
mainfrom
renovate/blender-mcp-1.x

Conversation

@renovate

@renovate renovate Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

This PR contains the following updates:

Package Change Age Confidence
blender-mcp 1.5.61.6.4 age confidence

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • Between 12:00 AM and 03:59 AM, only on Monday (* 0-3 * * 1)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot added the dependencies label Jul 3, 2026
@toolhive-release-app

toolhive-release-app Bot commented Jul 3, 2026

Copy link
Copy Markdown
Contributor

🔒 MCP Security Scan Results

❌ blender-mcp

  • Status: Failed
  • Tools scanned: 22
  • Vulnerabilities found: 12

Security issues detected:

  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").
  • [AITech-1.1] Explicit attempts to override, replace, or modify the model's system instructions, operational directives, or behavioral guidelines through direct user input, causing the model to follow attacker-controlled instructions instead of its intended programming (e.g., "Ignore previous instructions").

Allowed issues (not blocking):

  • [AITech-8.2] Unintentional and/or unauthorized exposure or exfiltration of sensitive information, such as private or sensitive data, intellectual property, and proprietary algorithms through exploitation of agent tools, integrations, or capabilities, where the agent is manipulated to use legitimate tools for malicious data exfiltration purposes. (Allowed: Data leak risk acceptable - tool designed for creative workflows where external content integration is essential. Users should be aware of potential data exposure through code execution capabilities.)
  • [AITech-12.1] Corrupting, modifying, or degrading the functionality, outputs, or behavior of tools used by agents through data poisoning, configuration tampering, or behavioral manipulation, causing the tool resulting in deceptive or malicious outputs, privilege escalation, or propagation of altered data. (Allowed: Tool exploitation risk acceptable - execute_blender_code tool is core functionality for Blender automation allowing arbitrary Python code execution. Users should only use with trusted prompts and in isolated environments.)

Summary: Scanned 1 MCP server(s), found 12 security issue(s).

⚠️ Action Required: Security issues were detected. Please review and address them before merging.

@renovate renovate Bot force-pushed the renovate/blender-mcp-1.x branch from 3178335 to 9fc821d Compare July 3, 2026 10:15
@renovate renovate Bot force-pushed the renovate/blender-mcp-1.x branch from 9fc821d to 683696a Compare July 8, 2026 07:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants