TLDR
- The main active public implementation is
ahujasid/blender-mcp, distributed on PyPI asblender-mcp. - PyPI lists
1.6.4as the latest release, published on 2026-06-11. - It bridges an MCP server to a Blender add-on over localhost TCP, enabling scene inspection, object/material ops, Blender Python execution, screenshots, and asset/model integrations.
- Best ForgeApps split: use MCP for interactive agentic scene editing; use local TypeScript/headless Blender scripts for deterministic automation, testing, rendering, conversion, and CI.
- Security posture matters:
execute_blender_codeis arbitrary Python in Blender. Treat it as a trusted local automation bridge, not an unreviewed production API.
External Results
| Source | Date | Claim / Evidence | Confidence |
|---|---|---|---|
| GitHub: ahujasid/blender-mcp | Fetched 2026-07-02 | Open-source MCP to use Blender with any LLM; repo page showed 23.4k stars, 2.3k forks, 159 commits, and docs for scene/object/material/code/asset integrations. | High |
| PyPI: blender-mcp | Latest release 2026-06-11 | Package version 1.6.4, Python >=3.10, MIT license, release history through June 2026. | High |
| Blender MCP server architecture | Updated 2026-03-11 | Documents AI client to MCP server to TCP socket to Blender add-on architecture, plus tools for scene info, objects, materials, assets, Python execution, and screenshots. | Medium |
| MCP spec | Spec version 2025-06-18 | MCP uses JSON-RPC 2.0 and exposes resources, prompts, and tools; security guidance emphasizes consent, privacy, and tool safety. | High |
| SMCP paper | Submitted 2026-02-01 | Identifies MCP ecosystem risks including unauthorized access, tool poisoning, prompt injection, privilege escalation, and supply-chain attacks. | Medium |
| MCP threat modeling paper | Submitted 2026-03-23 | Highlights tool poisoning through tool metadata as a major client-side risk. | Medium |
| MCP tool-description study | v3 revised 2026-05-31 | 856 tools across 103 MCP servers were studied; many tool descriptions had quality issues that affect agent performance and cost. | Medium |
Internal Results
| Source | Date | Claim / Evidence | Confidence |
|---|---|---|---|
.forgebot/skills/blender/SKILL.md | Current local file | Top-level ForgeBot Blender skill covers headless automation, conversion, rendering, procedural generation, and records blender-mcp as installed. | Internal-high |
.forgebot/skills/blender/references/...deep-research-report.md | Local prior research | Prior work identified MCP-based Blender control as the fastest practical path for prompt-to-editable-scene workflows, while still recommending structured specs/seeds for repeatability. | Internal-medium |
.forgebot/skills/blender/scripts/selftest.ts | Current local file | ForgeApps already has deterministic TypeScript automation that creates and opens a random Blender scene via headless Blender. | Internal-high |
.forgebot/skills/blender/__tests__/blender-installed.test.ts | Current local file | Local test verifies Blender is installed and reports version. | Internal-high |
Findings
1. Center of gravity: Public evidence points to
ahujasid/blender-mcp as the active 2026 implementation. Treat other names as leads until verified against active repos/packages.2. Architecture: It is an MCP-to-socket bridge, not direct Blender embedding. Connection lifecycle, ports, and local trust boundaries matter.
3. Tool surface: Scene inspection, object/material manipulation, screenshots, assets, and Python execution are useful; arbitrary Python is the sharp edge.
4. Client support: Claude and Cursor look most mature; the project also documents VSCode/Cline-style clients, ChatGPT, Gemini CLI, and Ollama/local models.
5. Security trend: 2026 MCP research is increasingly focused on tool poisoning, prompt injection, metadata trust, and auditability.
6. ForgeApps split: Use MCP for interactive scene editing and exploration; use local scripts for deterministic production automation.
Recommended ForgeApps Path
- Keep the top-level
blenderskill as the canonical workflow entry. - Add
/blender mcp-statusto verifyuvx,blender-mcpversion, add-on state, socket reachability, telemetry setting, and client conflicts. - Pin launch config to
uvx --python 3.11 blender-mcpwithUV_PYTHON_PREFERENCE=only-managed. - Default to
DISABLE_TELEMETRY=truefor ForgeFX/client work. - Keep
execute_blender_codebehind explicit approval and do not feed untrusted external prompts into it unreviewed. - Prefer constrained ForgeApps tools for production:
create_scene_from_spec,inspect_scene,render_preview,export_glb.
Caveats
I did not find a currently verifiable separate "Blender-MCP-Server with 50+ tools" primary source during this pass. Local prior research mentions it, but the public evidence verified today points most strongly to ahujasid/blender-mcp. The Blender MCP website is a project/community site, not Blender Foundation documentation. The security papers are general MCP research, not Blender-specific audits.