Windows CLI MCP Server

[!IMPORTANT] This MCP server provides direct access to your system's command line interface and remote systems via SSH. When enabled, it grants access to your files, environment variables, command execution capabilities, and remote server management.See Configuration for more details.

• Features

• Usage with Claude Desktop

• Configuration

• API

• Security Considerations

• License

Features

• Multi-Shell Support: Execute commands in PowerShell, Command Prompt (CMD), and Git Bash

• SSH Support: Execute commands on remote systems via SSH

• Resource Exposure: View SSH connections, current directory, and configuration as MCP resources

• Security Controls:

• Configurable:

Usage with Claude Desktop

• Execute commands directly using the available tools

• View configured SSH connections and server configuration in the Resources section

• Manage SSH connections through the provided tools

Configuration

1. To create a default config file, either:

1. Then set the --config flag to point to your config file as described in the Usage with Claude Desktop section.

Configuration Locations

1. Path specified by --config flag

2. ./config.json in current directory

3. ~/.win-cli-mcp/config.json in user's home directory

Default Configuration

Configuration Settings

Security Settings

Shell Configuration

SSH Configuration

API

Tools

• execute_command

• get_command_history

• ssh_execute

• ssh_disconnect

• create_ssh_connection

• read_ssh_connections

• update_ssh_connection

• delete_ssh_connection

• get_current_directory

Resources

• SSH Connections

• SSH Configuration

• Current Directory

• CLI Configuration

Security Considerations

Built-in Security Features (Always Active)

• Case-insensitive command blocking: All command blocking is case-insensitive (e.g., "DEL.EXE", "del.cmd", etc. are all blocked if "del" is in blockedCommands)

• Smart path parsing: The server parses full command paths to prevent bypass attempts (blocking "C:\Windows\System32\rm.exe" if "rm" is blocked)

• Command parsing intelligence: False positives are avoided (e.g., "warm_dir" is not blocked just because "rm" is in blockedCommands)

• Input validation: All user inputs are validated before execution

• Shell process management: Processes are properly terminated after execution or timeout

• Sensitive data masking: Passwords are automatically masked in resources (replaced with ********)

Configurable Security Features (Active by Default)

• Command blocking: Commands specified in blockedCommands array are blocked (default includes dangerous commands like rm, del, format)

• Argument blocking: Arguments specified in blockedArguments array are blocked (default includes potentially dangerous flags)

• Command injection protection: Prevents command chaining (enabled by default through enableInjectionProtection: true)

• Working directory restriction: Limits command execution to specified directories (enabled by default through restrictWorkingDirectory: true)

• Command length limit: Restricts maximum command length (default: 2000 characters)

• Command timeout: Terminates commands that run too long (default: 30 seconds)

• Command logging: Records command history (enabled by default through logCommands: true)

Important Security Warnings

• Environment access: Commands may have access to environment variables, which could contain sensitive information

• File system access: Commands can read/write files within allowed paths - carefully configure allowedPaths to prevent access to sensitive data

License

Windows CLI MCP Server

[!IMPORTANT] This MCP server provides direct access to your system's command line interface and remote systems via SSH. When enabled, it grants access to your files, environment variables, command execution capabilities, and remote server management.See Configuration for more details.

• Features

• Usage with Claude Desktop

• Configuration

• API

• Security Considerations

• License

Features

• Multi-Shell Support: Execute commands in PowerShell, Command Prompt (CMD), and Git Bash

• SSH Support: Execute commands on remote systems via SSH

• Resource Exposure: View SSH connections, current directory, and configuration as MCP resources

• Security Controls:

• Configurable:

Usage with Claude Desktop

• Execute commands directly using the available tools

• View configured SSH connections and server configuration in the Resources section

• Manage SSH connections through the provided tools

Configuration

1. To create a default config file, either:

1. Then set the --config flag to point to your config file as described in the Usage with Claude Desktop section.

Configuration Locations

1. Path specified by --config flag

2. ./config.json in current directory

3. ~/.win-cli-mcp/config.json in user's home directory

Default Configuration

Configuration Settings

Security Settings

Shell Configuration

SSH Configuration

API

Tools

• execute_command

• get_command_history

• ssh_execute

• ssh_disconnect

• create_ssh_connection

• read_ssh_connections

• update_ssh_connection

• delete_ssh_connection

• get_current_directory

Resources

• SSH Connections

• SSH Configuration

• Current Directory

• CLI Configuration

Security Considerations

Built-in Security Features (Always Active)

• Case-insensitive command blocking: All command blocking is case-insensitive (e.g., "DEL.EXE", "del.cmd", etc. are all blocked if "del" is in blockedCommands)

• Smart path parsing: The server parses full command paths to prevent bypass attempts (blocking "C:\Windows\System32\rm.exe" if "rm" is blocked)

• Command parsing intelligence: False positives are avoided (e.g., "warm_dir" is not blocked just because "rm" is in blockedCommands)

• Input validation: All user inputs are validated before execution

• Shell process management: Processes are properly terminated after execution or timeout

• Sensitive data masking: Passwords are automatically masked in resources (replaced with ********)

Configurable Security Features (Active by Default)

• Command blocking: Commands specified in blockedCommands array are blocked (default includes dangerous commands like rm, del, format)

• Argument blocking: Arguments specified in blockedArguments array are blocked (default includes potentially dangerous flags)

• Command injection protection: Prevents command chaining (enabled by default through enableInjectionProtection: true)

• Working directory restriction: Limits command execution to specified directories (enabled by default through restrictWorkingDirectory: true)

• Command length limit: Restricts maximum command length (default: 2000 characters)

• Command timeout: Terminates commands that run too long (default: 30 seconds)

• Command logging: Records command history (enabled by default through logCommands: true)

Important Security Warnings

• Environment access: Commands may have access to environment variables, which could contain sensitive information

• File system access: Commands can read/write files within allowed paths - carefully configure allowedPaths to prevent access to sensitive data

License