AETHER_01 MCP Server

AETHER_01 is an MCP (Model Context Protocol) server written in Rust that gives AI assistants full control over Windows 10/11 via standard input/output. From process management to GUI automation, from registry to WMI queries — everything a system administrator needs.

Documentation

AETHER_01 — Full-Spectrum Windows Management MCP Server

Rust License npm

Add to Cursor Add to VS Code Add to VS Code Insiders

npm install Install via PowerShell

10 tools. 99% Windows coverage. Zero security compromises.

AETHER_01 is an MCP (Model Context Protocol) server written in Rust that gives AI assistants full control over Windows 10/11 via standard input/output. From process management to GUI automation, from registry to WMI queries — everything a system administrator needs.


Features

#ToolActions
1process_controllist, kill, create, priority, threads, affinity, modules, DLL injection*
2file_systemread/write/delete, ACL, symlinks, ADS streams, EFS, volumes, network shares
3registry_editorread/write/delete, all hives, security, monitoring, offline mounting*
4service_managerlist, start/stop/restart, config, triggers, drivers
5gui_automationmouse, keyboard, windows, screenshots, clipboard, display, audio
6system_infoCPU, memory, disk, OS, power, devices, BIOS, NTP, software, updates, BCD*
7network_manageradapters, connections, DNS, firewall, proxy, routing, WiFi, VPN, Bluetooth
8user_managementusers, groups, sessions, policies, certificates, credentials, tokens*
9security_auditaudit, UAC, Defender, AppLocker, BitLocker, TPM, Secure Boot, exploit protection
10system_automationEvent Log, Scheduled Tasks, WMI queries

* = disabled by default, enabled via .env feature gates.


Installation

AETHER_01 provides 5 installation methods — pick the one that works best for you.

Method 1: npm global install (easiest)

npm install -g @foursecondfivefour/aether-mcp-server

The postinstall script automatically downloads the latest Windows x64 binary from GitHub Releases and places it in your PATH.

Method 2: One-click PowerShell install

Run this in PowerShell 7+ (Administrator):

irm https://raw.githubusercontent.com/foursecondfivefour/aether-mcp-server/main/install.ps1 | iex

The script automatically:

  1. Downloads the latest AETHER_01 binary
  2. Creates .env with safe default settings
  3. Registers the server in all detected AI environments: Cursor, Claude Desktop, Windsurf, VS Code, and more

Method 3: One-click editor integration

Click the badge for your editor:

EditorInstall
CursorAdd to Cursor
VS CodeAdd to VS Code
VS Code InsidersAdd to VS Code Insiders

Method 4: Selective install with install.ps1

# Cursor only
.\install.ps1 -Targets cursor

# Claude Desktop + Windsurf
.\install.ps1 -Targets claude,windsurf

# Custom binary path
.\install.ps1 -BinaryPath target\release\aether-mcp-server.exe

# Specific release version
.\install.ps1 -ReleaseTag v1.0.1

Method 5: Build from source

git clone https://github.com/foursecondfivefour/aether-mcp-server
cd aether-mcp-server
Copy-Item .env.example .env
cargo build --release
.\install.ps1 -BinaryPath target\release\aether-mcp-server.exe

Manual configuration (without install script)

Cursor%USERPROFILE%\.cursor\mcp.json
{
  "mcpServers": {
    "aether-01": {
      "command": "d:\\path\\to\\aether-mcp-server.exe",
      "env": { "RUST_LOG": "info" }
    }
  }
}
Claude Desktop%APPDATA%\Claude\claude_desktop_config.json
{
  "mcpServers": {
    "aether-01": {
      "command": "d:\\path\\to\\aether-mcp-server.exe",
      "env": { "RUST_LOG": "info" }
    }
  }
}
Windsurf%USERPROFILE%\.codeium\windsurf\mcp_config.json
{
  "mcpServers": {
    "aether-01": {
      "command": "d:\\path\\to\\aether-mcp-server.exe",
      "env": { "RUST_LOG": "info" }
    }
  }
}
VS Code (Claude MCP)%APPDATA%\Code\User\globalStorage\anthropic.claude-mcp\mcp.json
{
  "mcpServers": {
    "aether-01": {
      "command": "d:\\path\\to\\aether-mcp-server.exe",
      "env": { "RUST_LOG": "info" }
    }
  }
}

After configuring, restart your editor. The MCP panel will show 10 AETHER_01 tools.


Feature Gates (.env)

Dangerous operations are disabled by default and enabled by the system administrator:

AETHER_BCD_EDIT=0          # Windows boot configuration editing
AETHER_HAL_CONFIG=0        # HAL and memory dump configuration
AETHER_OFFLINE_REGISTRY=0  # Offline registry hive mounting
AETHER_DLL_INJECT=0        # DLL injection into processes
AETHER_TOKEN_MANIPULATION=0 # Access token manipulation
AETHER_LSA_SECRETS=0       # LSA secret reading

Security

The only vulnerability is human error. AETHER_01 is a system administrator tool — like sudo, regedit, or services.msc. If you enable all feature gates, disable force checks, and blindly execute AI commands — the server does exactly what you tell it. That's not a bug. That's the nature of an administrative tool. Full threat analysis: SECURITY.md

Threat Model

Your computer (trusted environment)
│
├── Cursor / Claude / VS Code (AI client) ─── same user, same machine
│   │
│   └── AETHER_01 (stdio subprocess) ← SERVER
│       │
│       └── Windows API (system calls) — same machine, kernel
│
└── Internet ← AETHER_01 has NO network access

AETHER_01 has no network access. It is a pure stdio process. It does not make HTTP requests, open ports, or listen for connections. All communication is through stdin/stdout with the local AI client.

What the server CANNOT do

CapabilityStatusReason
Network connectionsImpossibleNo HTTP/TCP/UDP code
Shell executionImpossibleDirect Win32 API only, no cmd.exe
Remote accessImpossiblestdio only, no HTTP/SSE/TCP
Data exfiltrationImpossibleNo network path at all
Auto-start / persistenceImpossibleNo installer, no service, no autorun
Auto-updateImpossibleNo network request code

Defense mechanisms

MechanismProtection LevelDescription
Feature GatesMaximumBCD Edit, DLL Injection, LSA Secrets, Token Manipulation, Offline Registry, HAL Config — disabled by default in .env. Operations are unavailable without explicit admin enablement.
force: trueHighEvery dangerous operation requires explicit confirmation in parameters. Without "force": true the server refuses.
Input validationHighEvery parameter is validated before Win32 API calls. Invalid types, empty strings, invalid PIDs — immediate rejection.
No shell injectionHighZero cmd.exe / powershell.exe calls. All operations through direct Win32 API. No command injection path.
WMI SELECT onlyMediumWMI queries restricted to SELECT. DELETE/INSERT/UPDATE — rejected. 30s timeout, 1000 row limit.
Path canonicalizationMediumAll file paths go through canonicalize to prevent path traversal.
Full audit loggingMediumEvery tool call logged to stderr: tool, action, parameters, result.

Binary hardening

TechnologyEffect
Control Flow Guard (/GUARD:CF)Checks every indirect call — blocks ROP/JOP attacks
ASLR (/DYNAMICBASE + /HIGHENTROPYVA)Random load address — can't predict code location
DEP/NX (/NXCOMPAT)Stack and heap non-executable — no shellcode injection
Static CRT (+crt-static)No external DLL dependency — can't swap the library
Fat LTO + codegen-units=1Full dead code removal — smaller attack surface
Symbol strippingNo function names in binary — harder reverse engineering
Panic=abortNo unwind tables — smaller binary, no stack leaks

Standards compliance

AETHER_01 follows:

Prompt injection resistance

AETHER_01 tool parameters come from an LLM that is susceptible to prompt injection. Therefore:

  • Every string parameter is escaped before use in Win32 API
  • No eval-like operations — cannot "execute arbitrary code" through a parameter
  • No format strings in Win32 API — parameters are never interpreted as code
  • WMI WQL is escaped — single quotes in query strings are transformed
  • Paths are canonicalized..\..\windows\system32 is normalized to a checkable path

Known CVEs and inapplicability

CVEApplicable to AETHER?Why not
CVE-2025-54136 (MCPoison)NoAETHER is a native .exe, not via npx/npm. MCP config contains no executable code — only a binary path.
CVE-2025-54135 (CurXecute)NoAETHER does not process MCP configs from repositories. Config is written once via install.ps1.
CVE-2025-64106 (TrustFall)NoAETHER does not load workspace-level configs.
Command InjectionNoAETHER does not use shell. All Win32 API calls with typed parameters.

Bottom line: if you don't enable feature gates without understanding them, don't disable force checks, and don't run the binary from an untrusted source — AETHER_01 is safe. Like sudo on Linux: a powerful tool requiring conscious use.

Report a vulnerability

SECURITY.md — disclosure process, supported versions, supply chain audit.


Performance

  • opt-level = 3 (all LLVM optimizations)
  • lto = true (fat LTO across all crates)
  • codegen-units = 1 (full dead code elimination)
  • panic = "abort" (no unwind tables)
  • strip = "symbols" (minimal binary)
  • target-cpu = native (AVX2, BMI2, FMA, POPCNT)

Project Structure

src/
├── main.rs              # tokio::main, stdio transport
├── server.rs            # AetherServer + tool_router
├── config.rs            # FeatureGates from .env
├── error.rs             # AetherError + FormatMessageW
├── audit.rs             # Structured audit logging
└── tools/
    ├── process.rs       # process_control
    ├── filesystem.rs    # file_system
    ├── registry.rs      # registry_editor
    ├── service.rs       # service_manager
    ├── gui.rs           # gui_automation
    ├── sysinfo.rs       # system_info
    ├── network.rs       # network_manager
    ├── user.rs          # user_management
    ├── security.rs      # security_audit
    └── automation.rs    # system_automation

License

MIT