Windows CLI
MCP server for secure command-line interactions on Windows systems, enabling controlled access to PowerShell, CMD, and Git Bash shells.
Windows CLI MCP Server
[!CAUTION] PROJECT DEPRECATED - No longer maintained. Use https://github.com/wonderwhy-er/DesktopCommanderMCP instead for similar functionality.
MCP server for secure command-line interactions on Windows systems, enabling controlled access to PowerShell, CMD, Git Bash shells, and remote systems via SSH. It allows MCP clients (like Claude Desktop) to perform operations on your system, similar to Open Interpreter.
[!IMPORTANT] This MCP server provides direct access to your system's command line interface and remote systems via SSH. When enabled, it grants access to your files, environment variables, command execution capabilities, and remote server management.
- Review and restrict allowed paths and SSH connections
- Enable directory restrictions
- Configure command blocks
- Consider security implications
See Configuration for more details.
Features
- Multi-Shell Support: Execute commands in PowerShell, Command Prompt (CMD), and Git Bash
- SSH Support: Execute commands on remote systems via SSH
- Resource Exposure: View SSH connections, current directory, and configuration as MCP resources
- Security Controls:
- Command and SSH command blocking (full paths, case variations)
- Working directory validation
- Maximum command length limits
- Command logging and history tracking
- Smart argument validation
- Configurable:
- Custom security rules
- Shell-specific settings
- SSH connection profiles
- Path restrictions
- Blocked command lists
See the API section for more details on the tools and resources the server provides to MCP clients.
Note: The server will only allow operations within configured directories, with allowed commands, and on configured SSH connections.
Usage with Claude Desktop
Add this to your claude_desktop_config.json:
{
"mcpServers": {
"windows-cli": {
"command": "npx",
"args": ["-y", "@simonb97/server-win-cli"]
}
}
}
For use with a specific config file, add the --config flag:
{
"mcpServers": {
"windows-cli": {
"command": "npx",
"args": [
"-y",
"@simonb97/server-win-cli",
"--config",
"path/to/your/config.json"
]
}
}
}
After configuring, you can:
- Execute commands directly using the available tools
- View configured SSH connections and server configuration in the Resources section
- Manage SSH connections through the provided tools
Configuration
The server uses a JSON configuration file to customize its behavior. You can specify settings for security controls, shell configurations, and SSH connections.
- To create a default config file, either:
a) copy config.json.example to config.json, or
b) run:
npx @simonb97/server-win-cli --init-config ./config.json
- Then set the
--configflag to point to your config file as described in the Usage with Claude Desktop section.
Configuration Locations
The server looks for configuration in the following locations (in order):
- Path specified by
--configflag - ./config.json in current directory
- ~/.win-cli-mcp/config.json in user's home directory
If no configuration file is found, the server will use a default (restricted) configuration:
Default Configuration
Note: The default configuration is designed to be restrictive and secure. Find more details on each setting in the Configuration Settings section.
{
"security": {
"maxCommandLength": 2000,
"blockedCommands": [
"rm",
"del",
"rmdir",
"format",
"shutdown",
"restart",
"reg",
"regedit",
"net",
"netsh",
"takeown",
"icacls"
],
"blockedArguments": [
"--exec",
"-e",
"/c",
"-enc",
"-encodedcommand",
"-command",
"--interactive",
"-i",
"--login",
"--system"
],
"allowedPaths": ["User's home directory", "Current working directory"],
"restrictWorkingDirectory": true,
"logCommands": true,
"maxHistorySize": 1000,
"commandTimeout": 30,
"enableInjectionProtection": true
},
"shells": {
"powershell": {
"enabled": true,
"command": "powershell.exe",
"args": ["-NoProfile", "-NonInteractive", "-Command"],
"blockedOperators": ["&", "|", ";", "`"]
},
"cmd": {
"enabled": true,
"command": "cmd.exe",
"args": ["/c"],
"blockedOperators": ["&", "|", ";", "`"]
},
"gitbash": {
"enabled": true,
"command": "C:\\Program Files\\Git\\bin\\bash.exe",
"args": ["-c"],
"blockedOperators": ["&", "|", ";", "`"]
}
},
"ssh": {
"enabled": false,
"defaultTimeout": 30,
"maxConcurrentSessions": 5,
"keepaliveInterval": 10000,
"keepaliveCountMax": 3,
"readyTimeout": 20000,
"connections": {}
}
}
Configuration Settings
The configuration file is divided into three main sections: security, shells, and ssh.
Security Settings
{
"security": {
// Maximum allowed length for any command
"maxCommandLength": 1000,
// Commands to block - blocks both direct use and full paths
// Example: "rm" blocks both "rm" and "C:\\Windows\\System32\\rm.exe"
// Case-insensitive: "del" blocks "DEL.EXE", "del.cmd", etc.
"blockedCommands": [
"rm", // Delete files
"del", // Delete files
"rmdir", // Delete directories
"format", // Format disks
"shutdown", // Shutdown system
"restart", // Restart system
"reg", // Registry editor
"regedit", // Registry editor
"net", // Network commands
"netsh", // Network commands
"takeown", // Take ownership of files
"icacls" // Change file permissions
],
// Arguments that will be blocked when used with any command
// Note: Checks each argument independently - "cd warm_dir" won't be blocked just because "rm" is in blockedCommands
"blockedArguments": [
"--exec", // Execution flags
"-e", // Short execution flags
"/c", // Command execution in some shells
"-enc", // PowerShell encoded commands
"-encodedcommand", // PowerShell encoded commands
"-command", // Direct PowerShell command execution
"--interactive", // Interactive mode which might bypass restrictions
"-i", // Short form of interactive
"--login", // Login shells might have different permissions
"--system" // System level operations
],
// List of directories where commands can be executed
"allowedPaths": ["C:\\Users\\YourUsername", "C:\\Projects"],
// If true, commands can only run in allowedPaths
"restrictWorkingDirectory": true,
// If true, saves command history
"logCommands": true,
// Maximum number of commands to keep in history
"maxHistorySize": 1000,
// Timeout for command execution in seconds (default: 30)
"commandTimeout": 30,
// Enable or disable protection against command injection (covers ;, &, |, \`)
"enableInjectionProtection": true
}
}
Shell Configuration
{
"shells": {
"powershell": {
// Enable/disable this shell
"enabled": true,
// Path to shell executable
"command": "powershell.exe",
// Default arguments for the shell
"args": ["-NoProfile", "-NonInteractive", "-Command"],
// Optional: Specify which command operators to block
"blockedOperators": ["&", "|", ";", "`"] // Block all command chaining
},
"cmd": {
"enabled": true,
"command": "cmd.exe",
"args": ["/c"],
"blockedOperators": ["&", "|", ";", "`"] // Block all command chaining
},
"gitbash": {
"enabled": true,
"command": "C:\\Program Files\\Git\\bin\\bash.exe",
"args": ["-c"],
"blockedOperators": ["&", "|", ";", "`"] // Block all command chaining
}
}
}
SSH Configuration
{
"ssh": {
// Enable/disable SSH functionality
"enabled": false,
// Default timeout for SSH commands in seconds
"defaultTimeout": 30,
// Maximum number of concurrent SSH sessions
"maxConcurrentSessions": 5,
// Interval for sending keepalive packets (in milliseconds)
"keepaliveInterval": 10000,
// Maximum number of failed keepalive attempts before disconnecting
"keepaliveCountMax": 3,
// Timeout for establishing SSH connections (in milliseconds)
"readyTimeout": 20000,
// SSH connection profiles
"connections": {
// NOTE: these examples are not set in the default config!
// Example: Local Raspberry Pi
"raspberry-pi": {
"host": "raspberrypi.local", // Hostname or IP address
"port": 22, // SSH port
"username": "pi", // SSH username
"password": "raspberry", // Password authentication (if not using key)
"keepaliveInterval": 10000, // Override global keepaliveInterval
"keepaliveCountMax": 3, // Override global keepaliveCountMax
"readyTimeout": 20000 // Override global readyTimeout
},
// Example: Remote server with key authentication
"dev-server": {
"host": "dev.example.com",
"port": 22,
"username": "admin",
"privateKeyPath": "C:\\Users\\YourUsername\\.ssh\\id_rsa", // Path to private key
"keepaliveInterval": 10000,
"keepaliveCountMax": 3,
"readyTimeout": 20000
}
}
}
}
API
Tools
-
execute_command
- Execute a command in the specified shell
- Inputs:
shell(string): Shell to use ("powershell", "cmd", or "gitbash")command(string): Command to executeworkingDir(optional string): Working directory
- Returns command output as text, or error message if execution fails
-
get_command_history
- Get the history of executed commands
- Input:
limit(optional number) - Returns timestamped command history with outputs
-
ssh_execute
- Execute a command on a remote system via SSH
- Inputs:
connectionId(string): ID of the SSH connection to usecommand(string): Command to execute
- Returns command output as text, or error message if execution fails
-
ssh_disconnect
- Disconnect from an SSH server
- Input:
connectionId(string): ID of the SSH connection to disconnect
- Returns confirmation message
-
create_ssh_connection
- Create a new SSH connection
- Inputs:
connectionId(string): ID for the new SSH connectionconnectionConfig(object): Connection configuration details including host, port, username, and either password or privateKeyPath
- Returns confirmation message
-
read_ssh_connections
- Read all configured SSH connections
- Returns a list of all SSH connections from the configuration
-
update_ssh_connection
- Update an existing SSH connection
- Inputs:
connectionId(string): ID of the SSH connection to updateconnectionConfig(object): New connection configuration details
- Returns confirmation message
-
delete_ssh_connection
- Delete an SSH connection
- Input:
connectionId(string): ID of the SSH connection to delete
- Returns confirmation message
-
get_current_directory
- Get the current working directory of the server
- Returns the current working directory path
Resources
-
SSH Connections
- URI format:
ssh://{connectionId} - Contains connection details with sensitive information masked
- One resource for each configured SSH connection
- Example:
ssh://raspberry-pishows configuration for the "raspberry-pi" connection
- URI format:
-
SSH Configuration
- URI:
ssh://config - Contains overall SSH configuration and all connections (with passwords masked)
- Shows settings like defaultTimeout, maxConcurrentSessions, and the list of connections
- URI:
-
Current Directory
- URI:
cli://currentdir - Contains the current working directory of the CLI server
- Shows the path where commands will execute by default
- URI:
-
CLI Configuration
- URI:
cli://config - Contains the CLI server configuration (excluding sensitive data)
- Shows security settings, shell configurations, and SSH settings
- URI:
Security Considerations
Built-in Security Features (Always Active)
The following security features are hard-coded into the server and cannot be disabled:
- Case-insensitive command blocking: All command blocking is case-insensitive (e.g., "DEL.EXE", "del.cmd", etc. are all blocked if "del" is in blockedCommands)
- Smart path parsing: The server parses full command paths to prevent bypass attempts (blocking "C:\Windows\System32\rm.exe" if "rm" is blocked)
- Command parsing intelligence: False positives are avoided (e.g., "warm_dir" is not blocked just because "rm" is in blockedCommands)
- Input validation: All user inputs are validated before execution
- Shell process management: Processes are properly terminated after execution or timeout
- Sensitive data masking: Passwords are automatically masked in resources (replaced with ********)
Configurable Security Features (Active by Default)
These security features are configurable through the config.json file:
- Command blocking: Commands specified in
blockedCommandsarray are blocked (default includes dangerous commands like rm, del, format) - Argument blocking: Arguments specified in
blockedArgumentsarray are blocked (default includes potentially dangerous flags) - Command injection protection: Prevents command chaining (enabled by default through
enableInjectionProtection: true) - Working directory restriction: Limits command execution to specified directories (enabled by default through
restrictWorkingDirectory: true) - Command length limit: Restricts maximum command length (default: 2000 characters)
- Command timeout: Terminates commands that run too long (default: 30 seconds)
- Command logging: Records command history (enabled by default through
logCommands: true)
Important Security Warnings
These are not features but important security considerations to be aware of:
- Environment access: Commands may have access to environment variables, which could contain sensitive information
- File system access: Commands can read/write files within allowed paths - carefully configure
allowedPathsto prevent access to sensitive data
License
This project is licensed under the MIT License - see the LICENSE file for details.
Servidores relacionados
Alpha Vantage MCP Server
patrocinadorAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Tekion Persona Loader
Loads AI persona definitions from a GitLab repository.
Atlas Docs
Access technical documentation for libraries and frameworks, formatted in clean markdown for LLM consumption.
Onyx MCP Server
Search and query Onyx programming language documentation and GitHub code examples.
BCMS MCP
Give me a one - two sentence description of the BCMS MCP # MCP The BCMS Model Context Protocol (MCP) integration enables AI assistants like Claude, Cursor, and other MCP-compatible tools to interact directly with your BCMS content. This allows you to create, read, and update content entries, manage media files, and explore your content structure—all through natural language conversations with AI. ## What is MCP? The [Model Context Protocol (MCP)](https://modelcontextprotocol.io/) is an open standard developed by Anthropic that allows AI applications to securely connect to external data sources and tools. With BCMS MCP support, you can leverage AI assistants to: - Query and explore your content structure - Create new content entries with AI-generated content - Update existing entries - Manage your media library - Get intelligent suggestions based on your content model --- ## Getting Started ### Prerequisites 1. A BCMS account with an active instance 2. An MCP key with appropriate permissions 3. An MCP-compatible client (Claude Desktop, Cursor, or any MCP client) ### Step 1: Create an MCP Key 1. Navigate to your BCMS dashboard 2. Go to Settings → MCP 3. Click Create MCP Key 4. Configure the permissions for templates you want the AI to access:GET: Read entries 5. POST: Create entries 6. PUT: Update entries 7. DELETE: Delete entries Note: Right now, MCP only supports creating, reading and updating content. ### Step 2: Configure Your MCP Client You can find full instructions for integrating BCMS with your AI tools right inside BCMS, on the MCP page. But in general, installing BCMS MCP works in a standard way: ``` { "mcpServers": { "bcms": { "url": "https://app.thebcms.com/api/v3/mcp?mcpKey=YOUR_MCP_KEY" } } } ``` ## Available Tools Once connected, your AI assistant will have access to the following tools based on your MCP key permissions: ### Content Discovery #### list_templates_and_entries Lists all templates and their entries that you have access to. This is typically the first tool to call when exploring your BCMS content. Returns: - Template IDs, names, and slugs - Entry IDs with titles and slugs for each language Example prompt: "Show me all the templates and entries in my BCMS" --- ### Entry Management #### list_entries_for_{templateId} Retrieves all entries for a specific template with full content data. A separate tool is generated for each template you have access to. Returns: - Complete entry data including all meta fields - Content in all configured languages - Entry statuses Example prompt: "List all blog posts from my Blog template" --- #### create_entry_for_{templateId} Creates a new entry for a specific template. The input schema is dynamically generated based on your template's field structure. Input: - statuses: Array of status assignments per language - meta: Array of metadata for each language (title, slug, custom fields) - content: Array of content nodes for each language Example prompt: "Create a new blog post titled 'Getting Started with BCMS' with a brief introduction paragraph" --- #### update_entry_for_{templateId} Updates an existing entry for a specific language. Input: - entryId: The ID of the entry to update - lng: Language code (e.g., "en") - status: Optional status ID - meta: Updated metadata - content: Updated content nodes Example prompt: "Update the introduction paragraph of my 'Getting Started' blog post" --- ### Media Management #### list_all_media Lists all media files in your media library. Returns: - Media IDs, names, and types - File metadata (size, dimensions for images) - Parent directory information Example prompt: "Show me all images in my media library" --- #### list_media_dirs Lists the directory structure of your media library. Returns: - Hierarchical directory structure - Directory IDs and names Example prompt: "Show me the folder structure of my media library" --- #### create-media-directory Creates a new directory in your media library. Input: - name: Name of the directory - parentId: Optional parent directory ID (root if not specified) Example prompt: "Create a new folder called 'Blog Images' in my media library" --- #### request-upload-media-url Returns a URL you use to upload a file (for example via POST with multipart form data), which avoids pushing large binaries through the MCP tool payload. You still need a valid file name and MIME type when uploading, as described in the tool response. Availability: Only when the MCP key has Can mutate media enabled. Example prompt: “Give me an upload URL for a new hero image, then tell me how to upload it.” Input: - fileName: Name of the file with extension - fileData: Base64-encoded file data (with data URI prefix) - parentId: Optional parent directory ID Example prompt: "Upload this image to my Blog Images folder" --- ### Linking Tools #### get_entry_pointer_link Generates an internal BCMS link to an entry for use in content. Input: - entryId: The ID of the entry to link to Returns: - Internal link format: entry:{entryId}@*_{templateId}:entry Example prompt: "Get me the internal link for the 'About Us' page entry" --- #### get_media_pointer_link Generates an internal BCMS link to a media item for use in content. Input: - mediaId: The ID of the media item Returns: - Internal link format: media:{mediaId}@*_@*_:entry Example prompt: "Get the link for the hero image so I can use it in my blog post" --- ## Content Structure ### Entry Content Nodes When creating or updating entries, content is structured as an array of nodes. Supported node types include: Type Description paragraph Standard text paragraph heading Heading (h1-h6) bulletList Unordered list orderedList Numbered list listItem List item codeBlock Code block with syntax highlighting blockquote Quote block image Image node widget Custom widget with props ### Example Content Structure ``` { "content": [ { "lng": "en", "nodes": [ { "type": "heading", "attrs": { "level": 1 }, "content": [ { "type": "text", "text": "Welcome to BCMS" } ] }, { "type": "paragraph", "content": [ { "type": "text", "text": "This is your first paragraph." } ] } ] } ] } ``` ## Security & Permissions ### MCP Key Scopes Your MCP key controls what the AI can access: - Template Access: Only templates explicitly granted in the MCP key are visible - Operation Permissions: Each template can have independent GET/POST/PUT/DELETE permissions - Media Access: Media operations are controlled separately ### Best Practices 1. Principle of Least Privilege: Only grant the permissions needed for your use case 2. Separate Keys: Create different MCP keys for different purposes or team members 3. Regular Rotation: Periodically rotate your MCP keys ## Use Cases ### Content Creation Workflows Blog Post Creation "Create a new blog post about the benefits of headless CMS. Include an introduction, three main benefits with explanations, and a conclusion. Use the Blog template." Product Updates "Update the price field for all products in the Electronics category to apply a 10% discount" ### Content Exploration Content Audit "List all blog posts that don't have a featured image set" Translation Status "Show me which entries are missing German translations" ### Media Organization Library Cleanup "Show me all unused images in the media library" Folder Setup "Create folder structure for: Products > Categories > Electronics, Clothing, Home" ## Troubleshooting ### Common Issues #### "MCP key not found" - Verify your MCP key format: keyId.keySecret.instanceId - Ensure the MCP key hasn't been deleted or deactivated - Check that you're using the correct instance #### "MCP key does not have access to template" - Review your MCP key permissions in the dashboard - Ensure the required operation (GET/POST/PUT/DELETE) is enabled for the template #### Session Expired - MCP sessions may timeout after periods of inactivity - Simply start a new conversation to establish a fresh session ### Getting Help - Documentation: [thebcms.com/docs](https://thebcms.com/docs) - Support: [[email protected]](mailto:[email protected]) - Community: [Join BCMS Discord](https://discord.com/invite/SYBY89ccaR) for community support ## Technical Reference ### Endpoint POST https://app.thebcms.com/api/v3/mcp?mcpKey={MCP_KEY} ### Transport BCMS MCP uses the Streamable HTTP transport with session management. Sessions are maintained via the mcp-session-id header. ### Response Format All tools return structured JSON responses conforming to the MCP specification with: - content: Array of content blocks - structuredContent: Typed response data ## Rate Limits MCP requests are subject to the same rate limits as API requests: - Requests are tracked per MCP key - Contact support if you need higher limits for production workloads
agentskill.sh
Search, discover, and install 55k+ AI agent skills for Claude Code, Cursor, Copilot, Windsurf, and more.
MCP Cost Tracker Router
Real-time cost awareness for MCP agent workflows — track spend, set budgets, and route by model pricing
Smithery Reference Servers
A collection of reference implementations for Model Context Protocol (MCP) servers in Typescript and Python, demonstrating MCP features and SDK usage.
PCM
A server for reverse engineering tasks using the pcm toolkit. Requires a local clone of the pcm repository.
Adobe After Effects
Control Adobe After Effects through a standardized protocol, enabling AI assistants and other applications.
LLM API Benchmark MCP Server
Benchmark LLM APIs for throughput and Time To First Token (TTFT) under various concurrency levels.