execute_command
Run approved Windows commands and retrieve output securely using the Windows Command Line MCP Server. Supports basic commands like 'dir' and 'echo' with configurable working directory and timeout settings.
Instructions
Execute a Windows command and return its output. Only commands in the allowed list can be executed. This tool should be used for running simple commands like 'dir', 'echo', etc.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| command | Yes | The command to execute | |
| timeout | No | Timeout in milliseconds | |
| workingDir | No | Working directory for the command |
Implementation Reference
- index.ts:454-513 (handler)The primary handler logic for the 'execute_command' MCP tool. It performs security validation to block dangerous commands, sets up execution options, constructs the shell command (cmd.exe /c on Windows), calls the executeCommand helper, and returns the stdout as text content or an error.async ({ command, workingDir, timeout }) => { try { // Security check: Ensure only allowed commands are executed const commandLower = command.toLowerCase(); // Block potentially dangerous commands const dangerousPatterns = [ 'net user', 'net localgroup', 'netsh', 'format', 'rd /s', 'rmdir /s', 'del /f', 'reg delete', 'shutdown', 'taskkill', 'sc delete', 'bcdedit', 'cacls', 'icacls', 'takeown', 'diskpart', 'cipher /w', 'schtasks /create', 'rm -rf', 'sudo', 'chmod', 'chown', 'passwd', 'mkfs', 'dd' ]; // Check for dangerous patterns if (dangerousPatterns.some(pattern => commandLower.includes(pattern.toLowerCase()))) { return { isError: true, content: [ { type: "text", text: "Command contains potentially dangerous operations and cannot be executed.", }, ], }; } const options: any = { timeout }; if (workingDir) { options.cwd = workingDir; } let cmdToExecute; if (isWindows) { cmdToExecute = `cmd.exe /c ${command}`; } else { // For non-Windows, try to execute the command directly cmdToExecute = command; } const stdout = executeCommand(cmdToExecute, options); return { content: [ { type: "text", text: stdout.toString() || 'Command executed successfully (no output)', }, ], }; } catch (error) { return { isError: true, content: [ { type: "text", text: `Error executing command: ${error}`, }, ], }; } }
- index.ts:449-453 (schema)Zod input schema defining parameters for the execute_command tool: required 'command' string, optional 'workingDir' string, and optional 'timeout' number (defaults to 30000ms).{ command: z.string().describe("The command to execute"), workingDir: z.string().optional().describe("Working directory for the command"), timeout: z.number().default(30000).describe("Timeout in milliseconds"), },
- index.ts:446-514 (registration)Registration of the 'execute_command' tool on the MCP server using server.tool(), including name, description, schema, and inline handler function.server.tool( "execute_command", "Execute a Windows command and return its output. Only commands in the allowed list can be executed. This tool should be used for running simple commands like 'dir', 'echo', etc.", { command: z.string().describe("The command to execute"), workingDir: z.string().optional().describe("Working directory for the command"), timeout: z.number().default(30000).describe("Timeout in milliseconds"), }, async ({ command, workingDir, timeout }) => { try { // Security check: Ensure only allowed commands are executed const commandLower = command.toLowerCase(); // Block potentially dangerous commands const dangerousPatterns = [ 'net user', 'net localgroup', 'netsh', 'format', 'rd /s', 'rmdir /s', 'del /f', 'reg delete', 'shutdown', 'taskkill', 'sc delete', 'bcdedit', 'cacls', 'icacls', 'takeown', 'diskpart', 'cipher /w', 'schtasks /create', 'rm -rf', 'sudo', 'chmod', 'chown', 'passwd', 'mkfs', 'dd' ]; // Check for dangerous patterns if (dangerousPatterns.some(pattern => commandLower.includes(pattern.toLowerCase()))) { return { isError: true, content: [ { type: "text", text: "Command contains potentially dangerous operations and cannot be executed.", }, ], }; } const options: any = { timeout }; if (workingDir) { options.cwd = workingDir; } let cmdToExecute; if (isWindows) { cmdToExecute = `cmd.exe /c ${command}`; } else { // For non-Windows, try to execute the command directly cmdToExecute = command; } const stdout = executeCommand(cmdToExecute, options); return { content: [ { type: "text", text: stdout.toString() || 'Command executed successfully (no output)', }, ], }; } catch (error) { return { isError: true, content: [ { type: "text", text: `Error executing command: ${error}`, }, ], }; } } );
- index.ts:17-47 (helper)Supporting helper function 'executeCommand' that performs the actual execSync call. Handles Windows directly, modifies commands for non-Windows compatibility by stripping Windows shell prefixes, and provides fallback error handling.function executeCommand(command: string, options: any = {}) { if (isWindows) { return execSync(command, options); } else { // Log warning for non-Windows environments console.error(`Warning: Running in a non-Windows environment (${platform()}). Windows commands may not work.`); // For testing purposes on non-Windows platforms try { // For Linux/MacOS, we'll strip cmd.exe and powershell.exe references let modifiedCmd = command; // Replace cmd.exe /c with empty string modifiedCmd = modifiedCmd.replace(/cmd\.exe\s+\/c\s+/i, ''); // Replace powershell.exe -Command with empty string or a compatible command modifiedCmd = modifiedCmd.replace(/powershell\.exe\s+-Command\s+("|')/i, ''); // Remove trailing quotes if we removed powershell -Command if (modifiedCmd !== command) { modifiedCmd = modifiedCmd.replace(/("|')$/, ''); } console.error(`Attempting to execute modified command: ${modifiedCmd}`); return execSync(modifiedCmd, options); } catch (error) { console.error(`Error executing modified command: ${error}`); return Buffer.from(`This tool requires a Windows environment. Current platform: ${platform()}`); } } }