super-win-cli

Super Windows CLI MCP Server provides a network-accessible interface that enables unrestricted Windows shell access from within a controlled MCP environment. It supports running PowerShell, CMD, and Git Bash sessions with SYSTEM-level privileges and full filesystem access. The server is designed for trusted environments where network-level protections are in place, and it binds locally by default with configurable allowed IP ranges. To use it, install the project dependencies, build the server, and run the Node.js server entrypoint. Once running, you can connect through the MCP client tooling or API to dispatch commands, manage processes, and access files remotely. The server supports service installation on Windows via the included install-service.ps1 script and can be configured via config.json for features like access controls, timeouts, and network bindings.

Prerequisites:

• Windows operating system
• Node.js and npm installed
• Administrative privileges for service installation

Installation steps:

1. Clone or download the repository
2. Install dependencies and build: npm install npm run build
3. Copy the built files to the target Windows machine if deploying remotely
4. Install the Windows service (must run in an elevated PowerShell): .\install-service.ps1
5. Start or manage the service via Windows Services or using the provided uninstall script when needed: .\uninstall-service.ps1
6. Ensure the service is listening on the desired port and that your firewall allows the required traffic

Optional: configure config.json to tailor access controls and network bindings before starting the service.

Security implications: This MCP server provides unrestricted command execution and full system access, protected primarily by network-level controls. Ensure you operate in a trusted environment and restrict network access to known clients. Common issues include firewall rules blocking local binding, service installation failures due to execution policy, and misconfigurations in config.json. Recommended practices include setting a explicit localhost binding by default, configuring allowed IP ranges, and reviewing network VPN settings if used. Keep the installation scripts and config.json secure, and monitor logs for unusual activity.