v2.7.0
ddb-mcp v2.7.0
This release brings proper Windows support — your D&D Beyond session now lives in the standard %APPDATA% folder instead of a Unix-style hidden directory — plus tighter protections against malicious content sneaking out of DDB pages (forum posts, party-member backstories, campaign notes) and steering Claude into doing something you didn't ask for. Linux setup is also documented more clearly, and a few quiet rough edges around saving sessions and downloads have been smoothed over.
New Features
- Windows support is now first-class. Your session file is stored at
%APPDATA%\ddb-mcp\session.json(the standard Windows location) instead of a Linux-style~/.configfolder. If you previously used ddb-mcp on Windows, you'll see a one-time notice on startup telling you to re-runddb_loginat the new location. - Linux setup instructions added to the README, including a note that Claude Desktop doesn't have an official Linux build — pointing Linux users toward Claude Code, Cursor, or other MCP clients instead.
- Windows path help in the README — explains how to write Windows paths in the JSON config without backslash-escaping headaches.
Improvements
- Safer clicks on DDB pages. Clicking a button via
ddb_interactnow requires the same explicit confirmation that filling a form already did. This protects against malicious page content (a poisoned forum post, a tampered campaign note) tricking Claude into deleting a character, leaving a campaign, or posting to a forum on your behalf. Screenshots remain unguarded since they're read-only. - Scraped DDB page content is now clearly labelled as untrusted. When Claude reads a DDB page, the page text is wrapped in tags so Claude can tell the difference between its own tools talking and random text that some other DDB user wrote — making prompt-injection attacks much harder to land.
- Character downloads are more reliable. If your
~/Downloadsor~/Documentsfolder doesn't exist yet (common on minimal Linux installs), ddb-mcp now creates it for you instead of failing with a confusing error. Same for screenshots.
Security
- Session file saves are now atomic and tamper-resistant. Your DDB cookies are written to a temp file and renamed into place, so a crash mid-save can never leave you with a half-written session file. On macOS and Linux, the file is also created with locked-down permissions from the very first byte (no brief window where another user could read it), and ddb-mcp refuses to follow a symbolic link planted at the session path.
- Browser navigation locked down to
www.dndbeyond.comspecifically — no other DDB subdomains are accepted, even ones DDB might add later. - Selector validation in
ddb_interactis stricter. A wider set of advanced Playwright selector syntaxes that could be abused by a malicious DDB page are now rejected up front.