cesium-mcp

Name: cesium-mcp
Author: gaopengbin

Issues

AI-powered CesiumJS 3D globe control 49 tools for camera, entities, layers, animation & spatial analysis via Model Context Protocol (MCP). Natural language to 3D GIS.

111stars

23forks

JavaScript

Installation

# Add to your Claude Code skills
git clone https://github.com/gaopengbin/cesium-mcp

Getting Started

Guides for using ai agents skills like cesium-mcp.

Caveman: Cut Claude Token Use by 65%
How agent-side prompt compression works, when to use it, and when not to.
What is an AI Skills Marketplace?
Definitions, how marketplaces work, and how to choose between them in 2026.
Getting Started with AI Skills

Security ReportIssues

Last scanned: 5/30/2026

{
  "issues": [
    {
      "type": "npm-audit",
      "message": "@hono/node-server: @hono/node-server: Middleware bypass via repeated slashes in serveStatic",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "@protobufjs/utf8: protobufjs has overlong UTF-8 decoding",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "basic-ftp: basic-ftp: Incomplete CRLF Injection Protection Allows Arbitrary FTP Command Execution via Credentials and MKD Commands",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "dompurify: DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "esbuild: esbuild enables any website to send any requests to the development server and read the response",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "express-rate-limit: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "fast-uri: fast-uri vulnerable to path traversal via percent-encoded dot segments",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "hono: Hono missing validation of cookie name on write path in setCookie()",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "ip-address: ip-address has XSS in Address6 HTML-emitting methods",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "miniflare: Vulnerability found",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "path-to-regexp: path-to-regexp vulnerable to Denial of Service via sequential optional groups",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "picomatch: Picomatch: Method Injection in POSIX Character Classes causes incorrect Glob Matching",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "postcss: PostCSS has XSS via Unescaped </style> in its CSS Stringify Output",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "protobufjs: Arbitrary code execution in protobufjs",
      "severity": "critical"
    },
    {
      "type": "npm-audit",
      "message": "qs: qs has a remotely triggerable DoS: qs.stringify crashes with TypeError on null/undefined entries in comma-format arrays when encodeValuesOnly is set",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "tmp: tmp has Path Traversal via unsanitized prefix/postfix that enables directory escape",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "undici: Undici: Malicious WebSocket 64-bit length overflows parser and crashes the client",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "vite: Vite Vulnerable to Path Traversal in Optimized Deps `.map` Handling",
      "severity": "high"
    },
    {
      "type": "npm-audit",
      "message": "vitepress: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "wrangler: Vulnerability found",
      "severity": "medium"
    },
    {
      "type": "npm-audit",
      "message": "ws: ws: Uninitialized memory disclosure",
      "severity": "medium"
    }
  ],
  "status": "FAILED",
  "scannedAt": "2026-05-30T16:38:39.258Z",
  "npmAuditRan": true,
  "pipAuditRan": true
}

README.md

Frequently Asked Questions

What is cesium-mcp?

cesium-mcp is an open-source ai agents skill for AI coding assistants such as Claude Code, Codex CLI, and ChatGPT, built by gaopengbin. AI-powered CesiumJS 3D globe control 49 tools for camera, entities, layers, animation & spatial analysis via Model Context Protocol (MCP). Natural language to 3D GIS. It has 111 GitHub stars.

Is cesium-mcp safe to use?

cesium-mcp failed SkillsLLM's automated security scan, which flagged one or more high-severity issues. Review the Security Report section carefully before using it.

How do I install cesium-mcp?

Clone the repository with "git clone https://github.com/gaopengbin/cesium-mcp" and add it to your Claude Code skills directory (see the Installation section above).

What programming language is cesium-mcp written in?

cesium-mcp is primarily written in JavaScript. It is open-source under gaopengbin on GitHub, so you can review or fork the full source.

Are there alternatives to cesium-mcp?

Yes. SkillsLLM lists many other AI Agents skills you can browse and compare side by side. Open the AI Agents category from the badge at the top of this page, or use the Related Skills and comparison links further down to weigh cesium-mcp against similar tools.

Agentic AI for Beginners

Build your first AI agent from scratch - tool use, ReAct pattern, memory, deployment

41 minBeginner

Comments (0)

to leave a comment.

No comments yet. Be the first to share your thoughts!

Related Skills

ECC

by affaan-m

The agent harness performance optimization system. Skills, instincts, memory, security, and research-first development for Claude Code, Codex, Opencode, Cursor and beyond.

218,379

blankspace crypto-trading-arena

Demo

https://github.com/user-attachments/assets/8a40565a-fcdd-47bf-ae67-bc870611c908

Packages & Entry Points

Module	Role	Status	Links
cesium-mcp-bridge	Protocol-agnostic command dispatcher (60+ tools)	Mainline, actively iterated	· source
examples/browser-agent	Browser-only AI agent (recommended starting point, zero backend)	Recommended	example · live demo
cesium-mcp-runtime	MCP server (stdio + HTTP)	Stable, slow updates	· source
cesium-mcp-dev	CesiumJS API knowledge base for coding assistants	Maintained	· source

Which one? Personal project or quick try → browser-agent. Existing web app embedding an AI assistant → bridge + your own function calling. Calling from Claude Desktop / Cursor / Dify → MCP runtime.

Architecture

flowchart LR
  subgraph clients ["AI Drivers (pick one)"]
    BA["Browser Agent\n(in the same page)"]
    FC["Your web app\nfunction calling"]
    MCP["Claude / Cursor / Dify\nvia MCP runtime"]
  end

  subgraph core ["cesium-mcp-bridge (browser)"]
    B["60+ tools\nprotocol-agnostic dispatcher"]
    C["CesiumJS Viewer"]
  end

  BA -- "in-page call" --> B
  FC -- "in-page call" --> B
  MCP -- "WebSocket / JSON-RPC" --> B
  B --> C

  style clients fill:#1e293b,stroke:#528bff,color:#e2e8f0
  style core fill:#1e293b,stroke:#12B76A,color:#e2e8f0

The bridge is the only required piece. Pick whichever driver matches your scenario — they all hit the same 60+ tools.

Quick Start

Path 0 — Try in 30 seconds (browser agent, recommended)

Open the live demo, paste an OpenAI-compatible API key, and ask:

"Fly to the Eiffel Tower and drop a red marker"

Fork the examples/browser-agent folder to deploy your own.

Path 1 — Embed in your own web app (function calling)

npm install cesium-mcp-bridge

import { CesiumBridge } from 'cesium-mcp-bridge';

const bridge = new CesiumBridge(viewer);
// Then: send the bridge's tool schema to any LLM that supports function/tool calling,
// route the model's tool calls to bridge.execute(name, params).

See examples/browser-agent/index.html for a complete loop with OpenAI-compatible APIs.

Path 2 — Use from Claude Desktop / Cursor / Dify (MCP)

Install bridge as in Path 1, then start the MCP runtime:

# stdio mode (Claude Desktop, VS Code, Cursor)
npx cesium-mcp-runtime

# HTTP mode (Dify, remote/cloud MCP clients)
npx cesium-mcp-runtime --transport http --port 3000

MCP client config:

{
  "mcpServers": {
    "cesium": {
      "command": "npx",
      "args": ["-y", "cesium-mcp-runtime"]
    }
  }
}

58 Available Tools

Tools are organized into 12 toolsets. Default mode enables 4 core toolsets (~31 tools). Set CESIUM_TOOLSETS=all for everything, or let the AI discover and activate toolsets dynamically at runtime.

i18n: Tool descriptions default to English. Set CESIUM_LOCALE=zh-CN for Chinese.

Toolset	Tools
view (default)	`flyTo`, `setView`, `getView`, `zoomToExtent`, `saveViewpoint`, `loadViewpoint`, `listViewpoints`, `exportScene`
entity (default)	`addMarker`, `addLabel`, `addModel`, `addPolygon`, `addPolyline`, `updateEntity`, `removeEntity`, `batchAddEntities`, `queryEntities`, `getEntityProperties`
layer (default)	`addGeoJsonLayer`, `listLayers`, `removeLayer`, `clearAll`, `setLayerVisibility`, `updateLayerStyle`, `getLayerSchema`, `setBasemap`
interaction (default)	`screenshot`, `highlight`, `measure`
camera	`lookAtTransform`, `startOrbit`, `stopOrbit`, `setCameraOptions`
entity-ext	`addBillboard`, `addBox`, `addCorridor`, `addCylinder`, `addEllipse`, `addRectangle`, `addWall`
animation	`createAnimation`, `controlAnimation`, `removeAnimation`, `listAnimations`, `updateAnimationPath`, `trackEntity`, `controlClock`, `setGlobeLighting`
tiles	`load3dTiles`, `loadTerrain`, `loadImageryService`, `loadCzml`, `loadKml`
trajectory	`playTrajectory`
heatmap	`addHeatmap`
scene	`setSceneOptions`, `setPostProcess`
geolocation	`geocode`

Relationship with CesiumGS official MCP servers: The camera, entity-ext, and animation toolsets natively fuse capabilities from CesiumGS/cesium-mcp-server (Camera Server, Entity Server, Animation Server) into this project's unified bridge architecture. This means you get all official functionality plus additional tools — in a single MCP server, without running multiple processes.

Examples

See examples/minimal/ for a complete working demo.

Development

git clone https://github.com/gaopengbin/cesium-mcp.git
cd cesium-mcp
npm install
npm run build

Version Policy

Version format: {CesiumMajor}.{CesiumMinor}.{MCPPatch}

Segment	Meaning	Example
`1.139`	Tracks CesiumJS version — built & tested against Cesium `~1.139.0`	`1.139.8` → Cesium 1.139
`.8`	MCP patch — independent iterations for new tools, bug fixes, docs	`1.139.7` → `1.139.8`

When CesiumJS releases a new minor version (e.g. 1.140), we will bump accordingly: 1.140.0.