# Security Policy
## Supported Versions
We only provide security updates for the latest available version of `mcp-server-for-powershell`.

| Version | Supported |
| ------- | ------------------ |
| Latest | :white_check_mark: |
| < 1.0 | :x: |
## Threat Model & Scope
**Important:** This tool is designed to execute PowerShell commands generated by an LLM. By definition, it enables Arbitrary Code Execution (ACE).
When reporting vulnerabilities, please distinguish between **intended functionality** and **actual security flaws**:
### Intended Functionality (Not a Vulnerability)
* The ability to execute system commands (e.g., `Get-Process`, `Remove-Item`) is a feature, not a bug.
* The LLM generating incorrect or destructive commands is a limitation of the model, not a vulnerability in this server.
* Commands run with the privileges of the user running the server process; this is by design.
### In Scope (Vulnerabilities)
* **Sandbox Escapes:** If you configure the server to run in a restricted mode (if applicable) and a command manages to bypass those restrictions.
* **Command Injection (Internal):** If the server fails to properly sanitize internal arguments before passing them to the PowerShell subprocess, resulting in execution different from what the LLM requested.
* **Unauthorized Access:** If the server is exposed via HTTP/SSE and allows connections without configured authentication.
## Reporting a Vulnerability
Please report security vulnerabilities via [GitHub Private Vulnerability Reporting](https://github.com/danielklecha/mcp-server-for-powershell/security/advisories/new).
Please do not report security vulnerabilities through public GitHub issues.
## Best Practices for Users
To use this server safely, we recommend the following:
1. **Human-in-the-Loop:** Always use an MCP client that requires user confirmation before executing tools (e.g., Claude Desktop in "Ask before running" mode).
2. **Least Privilege:** Do not run this server as Administrator/Root unless absolutely necessary.
3. **Sandboxing:** Where possible, run this server inside a container (Docker) or a virtual machine to limit the impact of destructive commands.
4. **Network Isolation:** Ensure the server is not exposed to the public internet.
## Disclaimer
This software allows an automated system to execute code on your computer. You are solely responsible for securing the environment in which it runs.