windows-cli-mcp-server

triepod-ai/windows-cli-mcp-server

3.2

If you are the rightful owner of windows-cli-mcp-server and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

A powerful MCP server for Windows command-line execution without special character restrictions, developed by Triepod.ai.

Windows CLI MCP Server

A powerful MCP server for Windows command-line execution without special character restrictions, developed by Triepod.ai.

Overview

This server provides integration between Claude or other MCP-compatible AI assistants and PowerShell, CMD, Git Bash, and other command-line interfaces on Windows. It addresses common issues with special character handling, allowing full use of pipes (|), ampersands (&), semicolons (;), and backticks (`) in commands.

Use Cases

AI-Assisted Development

  • Execute build commands and scripts through Claude during development
  • Run tests and analyze output with AI assistance
  • Automate repetitive command-line tasks with natural language instructions
  • Debug issues by having AI analyze command outputs and suggest fixes

System Administration

  • Manage Windows systems through AI-assisted command execution
  • Monitor system resources and processes with intelligent filtering
  • Automate administrative tasks across multiple shells
  • Execute remote commands via SSH integration

DevOps & Automation

  • Integrate command-line tools into AI-driven workflows
  • Orchestrate multi-step deployment processes
  • Monitor and respond to system events
  • Bridge MCP-compatible AI assistants with existing CLI tooling

When to Use This Tool

Best for:

  • Development environments where AI-assisted CLI access is valuable
  • Trusted networks and controlled environments
  • Automation workflows requiring flexible command execution
  • Integration between AI assistants and Windows command-line tools

Not recommended for:

  • Direct exposure to untrusted networks
  • Production systems without proper security hardening
  • Environments requiring strict command auditing beyond basic logging
  • Public-facing services

Repository Information

This repository is maintained by Triepod.ai and should be pushed to the Triepod.ai GitHub organization at https://github.com/triepod-ai/windows-cli-mcp-server.

Features

  • Multi-Shell Support: Works seamlessly with PowerShell, CMD, and Git Bash
  • Flexible Security Model: Configurable security controls that balance protection and functionality
  • Special Character Support: Properly handles pipes, operators, and other special characters
  • Optional SSH Integration: Execute commands on remote systems via SSH
  • Command History: Track and audit command execution (when enabled)
  • SYSTEM-level service installation
  • Automatic service recovery
  • Network binding controls
  • Process reuse for performance
  • Extended timeouts for long-running operations

Security Model

Windows CLI MCP Server provides a flexible, layered security approach that can be tailored to your environment:

Default Configuration (Secure)

  • Command validation and injection protection enabled
  • Restricted set of allowed commands
  • Path restrictions for file operations
  • Operator blocking for dangerous shell characters
  • Configurable command timeouts

Trusted Environment Mode

For development or trusted environments, security restrictions can be relaxed:

  • Disable injection protection for full command flexibility
  • Remove operator blocking for complex shell operations
  • Expand allowed command sets
  • Configure appropriate for your use case

Important: Always assess your security requirements before deploying. Use restrictive settings for production environments and only relax restrictions in controlled, trusted contexts.

Prerequisites

Before installing Windows CLI MCP Server, ensure you have the following:

Required

  • Node.js: Version 18.0.0 or higher (Download)
  • Windows: Windows 10 or Windows 11 (Server editions also supported)
  • npm: Comes bundled with Node.js
  • Administrator Access: Required for service installation

Optional

  • Git: For cloning the repository and version control
  • PowerShell: Version 5.1 or higher (pre-installed on modern Windows)
  • Git Bash: For Git Bash shell support (Download)
  • SSH Keys: For remote command execution via SSH

Verify Installation

Check your Node.js and npm versions:

node --version  # Should be v18.0.0 or higher
npm --version   # Should be 8.0.0 or higher

Installation

  1. Build the project:
npm install
npm run build

  1. Copy the built files to your Windows machine

  2. Run the installation script as administrator:

.\install-service.ps1

Configuration

The server is configured via config.json with these key options:

  • security.enableInjectionProtection: Controls whether special characters are blocked in commands
  • shells.[shell].blockedOperators: Lists characters that are blocked for each shell

Important Note: Setting enableInjectionProtection to false alone may not be sufficient to enable special characters. You must also explicitly set empty blockedOperators arrays for each shell due to how configuration merging works.

The server is generally configured for maximum capability with these key features:

  • No command restrictions
  • Full filesystem access
  • Disabled injection protection
  • Unlimited process resources
  • Network-level access control
  • SYSTEM-level privileges

See config.json for the complete configuration options.

Configuration Tips

Enabling Full Command Execution with Special Characters

If you need to use PowerShell commands with pipes (|), redirections (>), or other special characters:

  1. Set security.enableInjectionProtection to false
  2. Set empty blockedOperators arrays for all shells: 
    "shells": {
  "powershell": {
    "blockedOperators": []
  },
  "cmd": {
    "blockedOperators": []
  },
  "gitbash": {
    "blockedOperators": []
  }
}
  3. Test with a simple command like Get-Process | Select-Object -First 5

Balancing Security and Functionality

For production environments where security is a concern:

  • Keep enableInjectionProtection enabled
  • Use separate commands without special characters
  • Implement proper network-level security controls

Service Management

Installation

.\install-service.ps1

Removal

.\uninstall-service.ps1

Network Security

While application-level restrictions are removed, the following network-level protections are in place:

  • Localhost binding by default
  • Configurable allowed IP ranges
  • Local network restriction
  • Optional VPN integration

Troubleshooting

Special Character Permissions Error

Issue: Commands with special characters like pipes (|), ampersands (&), semicolons (;), or backticks () are blocked with the error "Command contains blocked operators for this shell" even when enableInjectionProtection` is set to false in the config.

Cause: There is an issue with the configuration merging logic where the default blocked operators are still applied even when custom settings are specified.

Solution: In your config.json, make these two changes:

  1. Ensure enableInjectionProtection is set to false
  2. For each shell, explicitly set an empty array for blockedOperators: 
    "shells": {
  "powershell": {
    "blockedOperators": []
  },
  "cmd": {
    "blockedOperators": []
  },
  "gitbash": {
    "blockedOperators": []
  }
}

License

This project is licensed under the MIT License - see the LICENSE file for details.

Acknowledgments

Based on the original win-cli-mcp-server by SimonB97.