Skip to content

v2.7.0

Choose a tag to compare

@iamjameslennon iamjameslennon released this 11 May 13:59

ddb-mcp v2.7.0

This release brings proper Windows support — your D&D Beyond session now lives in the standard %APPDATA% folder instead of a Unix-style hidden directory — plus tighter protections against malicious content sneaking out of DDB pages (forum posts, party-member backstories, campaign notes) and steering Claude into doing something you didn't ask for. Linux setup is also documented more clearly, and a few quiet rough edges around saving sessions and downloads have been smoothed over.

New Features

  • Windows support is now first-class. Your session file is stored at %APPDATA%\ddb-mcp\session.json (the standard Windows location) instead of a Linux-style ~/.config folder. If you previously used ddb-mcp on Windows, you'll see a one-time notice on startup telling you to re-run ddb_login at the new location.
  • Linux setup instructions added to the README, including a note that Claude Desktop doesn't have an official Linux build — pointing Linux users toward Claude Code, Cursor, or other MCP clients instead.
  • Windows path help in the README — explains how to write Windows paths in the JSON config without backslash-escaping headaches.

Improvements

  • Safer clicks on DDB pages. Clicking a button via ddb_interact now requires the same explicit confirmation that filling a form already did. This protects against malicious page content (a poisoned forum post, a tampered campaign note) tricking Claude into deleting a character, leaving a campaign, or posting to a forum on your behalf. Screenshots remain unguarded since they're read-only.
  • Scraped DDB page content is now clearly labelled as untrusted. When Claude reads a DDB page, the page text is wrapped in tags so Claude can tell the difference between its own tools talking and random text that some other DDB user wrote — making prompt-injection attacks much harder to land.
  • Character downloads are more reliable. If your ~/Downloads or ~/Documents folder doesn't exist yet (common on minimal Linux installs), ddb-mcp now creates it for you instead of failing with a confusing error. Same for screenshots.

Security

  • Session file saves are now atomic and tamper-resistant. Your DDB cookies are written to a temp file and renamed into place, so a crash mid-save can never leave you with a half-written session file. On macOS and Linux, the file is also created with locked-down permissions from the very first byte (no brief window where another user could read it), and ddb-mcp refuses to follow a symbolic link planted at the session path.
  • Browser navigation locked down to www.dndbeyond.com specifically — no other DDB subdomains are accepted, even ones DDB might add later.
  • Selector validation in ddb_interact is stricter. A wider set of advanced Playwright selector syntaxes that could be abused by a malicious DDB page are now rejected up front.