analyze_startup_programs
Identify and analyze suspicious entries in Windows startup programs to enhance system security and stability using the Windows Diagnostics MCP Server.
Instructions
Analyze startup programs for suspicious entries
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| No arguments | | | |
Implementation Reference
- src/tools/registry.ts:51-68 (handler): The main handler function that runs a PowerShell script to scan startup programs from the Windows registry, processes the results, and returns formatted markdown content listing each program's name, command, location, user, verified status, and suspicious flags.

```typescript
export async function analyzeStartupPrograms() {
  // Run the registry script in startup-scan mode and request JSON output.
  const result = await runPowerShellScript(REGISTRY_SCRIPT, { ScanStartup: true, JsonOutput: true }) as AllTypes.RegistryDiagnosticResults;
  return {
    content: [
      {
        type: 'text',
        // One markdown list item per startup entry, separated by blank lines.
        text: `# Startup Program Analysis

${result.StartupPrograms && result.StartupPrograms.length > 0 ? result.StartupPrograms.map(p => `- **Name**: ${p.Name}
  **Command**: ${p.Command}
  **Location**: ${p.Location}
  **User**: ${p.User}
  **Verified**: ${p.Verified}
  **Suspicious**: ${p.Suspicious}`).join('\n\n') : 'No startup programs found.'}`,
      },
    ],
  };
}
```
- src/index.ts:138-144 (schema): Tool schema definition in the listTools response, specifying the tool name, description, and input schema (empty object, no required parameters).

```typescript
{
  name: 'analyze_startup_programs',
  description: 'Analyze startup programs for suspicious entries',
  inputSchema: {
    type: 'object',
    properties: {},
  }
},
```
- src/index.ts:551-552 (registration): Registration in the CallToolRequest handler switch statement, dispatching calls to the analyzeStartupPrograms function from the registry module.

```typescript
case 'analyze_startup_programs':
  return await registry.analyzeStartupPrograms();
```