Email: 64996768+mcp-tool-shop@users.noreply.github.com

Include:

• Description of the vulnerability
• Steps to reproduce
• Version affected
• Potential impact

This tool operates locally only.

• Data touched: user-created world project files (JSON) on local disk
• No network egress — editor runs as a local dev server, no external API calls
• No secrets handling — does not read, store, or transmit credentials
• No telemetry is collected or sent