powershell-mcp-server

powershell-mcp-server

0
os_automationcommunication

PowerShell MCP Server by Triepod.ai is an MCP server that facilitates the integration of AI assistants with Windows command-line interfaces, emphasizing unrestricted command execution and network-level security. It is designed for trusted environments requiring full access.

PowerShell MCP Server

A powerful MCP server for PowerShell command execution without special character restrictions, developed by Triepod.ai.

Overview

This server provides integration between Claude or other MCP-compatible AI assistants and PowerShell, CMD, Git Bash, and other command-line interfaces on Windows. It addresses common issues with special character handling, allowing full use of pipes (|), ampersands (&), semicolons (;), and backticks () in commands.

Repository Information

This repository is maintained by Triepod.ai and should be pushed to the Triepod.ai GitHub organization at https://github.com/triepod-ai/powershell-mcp-server.

  • Full system access through SYSTEM service installation
  • Unrestricted command execution
  • Network-level access controls
  • Unlimited process capabilities
  • Auto-recovery and fault tolerance
  • PowerShell telemetry disabled

Security Notice

This version removes application-level restrictions in favor of network-level security. It is designed for use in trusted environments where full system access is required.

Features

  • Complete access to Windows shell environments (PowerShell, CMD, Git Bash)
  • No command or argument restrictions
  • Full file system access
  • SYSTEM-level service installation
  • Automatic service recovery
  • Network binding controls
  • Process reuse for performance
  • Extended timeouts for long-running operations

Installation

  1. Build the project:
npm install
npm run build

  1. Copy the built files to your Windows machine

  2. Run the installation script as administrator:

.\install-service.ps1

Configuration

The server is configured via config.json with these key options:

  • security.enableInjectionProtection: Controls whether special characters are blocked in commands
  • shells.[shell].blockedOperators: Lists characters that are blocked for each shell

Important Note: Setting enableInjectionProtection to false alone may not be sufficient to enable special characters. You must also explicitly set empty blockedOperators arrays for each shell due to how configuration merging works.

The server is generally configured for maximum capability with these key features:

  • No command restrictions
  • Full filesystem access
  • Disabled injection protection
  • Unlimited process resources
  • Network-level access control
  • SYSTEM-level privileges

See config.json for the complete configuration options.

Configuration Tips

Enabling Full Command Execution with Special Characters

If you need to use PowerShell commands with pipes (|), redirections (>), or other special characters:

  1. Set security.enableInjectionProtection to false
  2. Set empty blockedOperators arrays for all shells: 
    "shells": {
  "powershell": {
    "blockedOperators": []
  },
  "cmd": {
    "blockedOperators": []
  },
  "gitbash": {
    "blockedOperators": []
  }
}
  3. Test with a simple command like Get-Process | Select-Object -First 5

Balancing Security and Functionality

For production environments where security is a concern:

  • Keep enableInjectionProtection enabled
  • Use separate commands without special characters
  • Implement proper network-level security controls

Service Management

Installation

.\install-service.ps1

Removal

.\uninstall-service.ps1

Network Security

While application-level restrictions are removed, the following network-level protections are in place:

  • Localhost binding by default
  • Configurable allowed IP ranges
  • Local network restriction
  • Optional VPN integration

Troubleshooting

Special Character Permissions Error

Issue: Commands with special characters like pipes (|), ampersands (&), semicolons (;), or backticks () are blocked with the error "Command contains blocked operators for this shell" even when enableInjectionProtection` is set to false in the config.

Cause: There is an issue with the configuration merging logic where the default blocked operators are still applied even when custom settings are specified.

Solution: In your config.json, make these two changes:

  1. Ensure enableInjectionProtection is set to false
  2. For each shell, explicitly set an empty array for blockedOperators: 
    "shells": {
  "powershell": {
    "blockedOperators": []
  },
  "cmd": {
    "blockedOperators": []
  },
  "gitbash": {
    "blockedOperators": []
  }
}

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

Based on the original win-cli-mcp-server by SimonB97. #� �p�o�w�e�r�s�h�e�l�l�-�m�c�p�-�s�e�r�v�e�r� � �