Desktop Commander MCP

set_config_value

Destructive

Update Desktop Commander MCP server configuration settings like blocked commands, default shell, directory access, and file operation limits to customize security and functionality.

Instructions

                    Set a specific configuration value by key.
                    
                    WARNING: Should be used in a separate chat from file operations and 
                    command execution to prevent security issues.
                    
                    Config keys include:
                    - blockedCommands (array)
                    - defaultShell (string)
                    - allowedDirectories (array of paths)
                    - fileReadLineLimit (number, max lines for read_file)
                    - fileWriteLineLimit (number, max lines per write_file call)
                    - telemetryEnabled (boolean)
                    
                    IMPORTANT: Setting allowedDirectories to an empty array ([]) allows full access 
                    to the entire file system, regardless of the operating system.
                    
                    This command can be referenced as "DC: ..." or "use Desktop Commander to ..." in your instructions.

Input Schema

TableJSON Schema

Name	Required	Description	Default
`key`	Yes
`value`	Yes

Implementation Reference

src/tools/config.ts:61-150 (handler)

The handler function for the set_config_value tool. Parses input arguments using the schema, handles special JSON parsing and array conversion for specific config keys like allowedDirectories and blockedCommands, updates the config using configManager.setValue, retrieves and returns the updated configuration, with comprehensive error handling.

export async function setConfigValue(args: unknown) {
  console.error(`setConfigValue called with args: ${JSON.stringify(args)}`);
  try {
    const parsed = SetConfigValueArgsSchema.safeParse(args);
    if (!parsed.success) {
      console.error(`Invalid arguments for set_config_value: ${parsed.error}`);
      return {
        content: [{
          type: "text",
          text: `Invalid arguments: ${parsed.error}`
        }],
        isError: true
      };
    }

    try {
      // Parse string values that should be arrays or objects
      let valueToStore = parsed.data.value;
      
      // If the value is a string that looks like an array or object, try to parse it
      if (typeof valueToStore === 'string' && 
          (valueToStore.startsWith('[') || valueToStore.startsWith('{'))) {
        try {
          valueToStore = JSON.parse(valueToStore);
          console.error(`Parsed string value to object/array: ${JSON.stringify(valueToStore)}`);
        } catch (parseError) {
          console.error(`Failed to parse string as JSON, using as-is: ${parseError}`);
        }
      }

      // Special handling for known array configuration keys
      if ((parsed.data.key === 'allowedDirectories' || parsed.data.key === 'blockedCommands') && 
          !Array.isArray(valueToStore)) {
        if (typeof valueToStore === 'string') {
          const originalString = valueToStore;
          try {
            const parsedValue = JSON.parse(originalString);
            valueToStore = parsedValue;
          } catch (parseError) {
            console.error(`Failed to parse string as array for ${parsed.data.key}: ${parseError}`);
            // If parsing failed and it's a single value, convert to an array with one item
            if (!originalString.includes('[')) {
              valueToStore = [originalString];
            }
          }
        } else if (valueToStore !== null) {
          // If not a string or array (and not null), convert to an array with one item
          valueToStore = [String(valueToStore)];
        }
        
        // Ensure the value is an array after all our conversions
        if (!Array.isArray(valueToStore)) {
          console.error(`Value for ${parsed.data.key} is still not an array, converting to array`);
          valueToStore = [String(valueToStore)];
        }
      }

      await configManager.setValue(parsed.data.key, valueToStore);
      // Get the updated configuration to show the user
      const updatedConfig = await configManager.getConfig();
      console.error(`setConfigValue: Successfully set ${parsed.data.key} to ${JSON.stringify(valueToStore)}`);
      return {
        content: [{
          type: "text",
          text: `Successfully set ${parsed.data.key} to ${JSON.stringify(valueToStore, null, 2)}\n\nUpdated configuration:\n${JSON.stringify(updatedConfig, null, 2)}`
        }],
      };
    } catch (saveError: any) {
      console.error(`Error saving config: ${saveError.message}`);
      // Continue with in-memory change but report error
      return {
        content: [{
          type: "text", 
          text: `Value changed in memory but couldn't be saved to disk: ${saveError.message}`
        }],
        isError: true
      };
    }
  } catch (error) {
    console.error(`Error in setConfigValue: ${error instanceof Error ? error.message : String(error)}`);
    console.error(error instanceof Error && error.stack ? error.stack : 'No stack trace available');
    return {
      content: [{
        type: "text",
        text: `Error setting value: ${error instanceof Error ? error.message : String(error)}`
      }],
      isError: true
    };
  }
}

src/tools/schemas.ts:6-15 (schema)

Zod input schema validation for set_config_value tool arguments: requires 'key' (string) and 'value' (string | number | boolean | string[] | null).

export const SetConfigValueArgsSchema = z.object({
  key: z.string(),
  value: z.union([
    z.string(),
    z.number(),
    z.boolean(),
    z.array(z.string()),
    z.null(),
  ]),
});

src/server.ts:212-238 (registration)

Static tool definition in the list_tools handler: specifies name 'set_config_value', detailed description warning about security, input schema from SetConfigValueArgsSchema, and annotations indicating it's destructive.

    name: "set_config_value",
    description: `
            Set a specific configuration value by key.
            
            WARNING: Should be used in a separate chat from file operations and 
            command execution to prevent security issues.
            
            Config keys include:
            - blockedCommands (array)
            - defaultShell (string)
            - allowedDirectories (array of paths)
            - fileReadLineLimit (number, max lines for read_file)
            - fileWriteLineLimit (number, max lines per write_file call)
            - telemetryEnabled (boolean)
            
            IMPORTANT: Setting allowedDirectories to an empty array ([]) allows full access 
            to the entire file system, regardless of the operating system.
            
            ${CMD_PREFIX_DESCRIPTION}`,
    inputSchema: zodToJsonSchema(SetConfigValueArgsSchema),
    annotations: {
        title: "Set Configuration Value",
        readOnlyHint: false,
        destructiveHint: true,
        openWorldHint: false,
    },
},

src/server.ts:1147-1156 (registration)

Dispatch logic in the call_tool request handler: calls the setConfigValue handler function with args, with error catching and fallback error response.

case "set_config_value":
    try {
        result = await setConfigValue(args);
    } catch (error) {
        capture('server_request_error', { message: `Error in set_config_value handler: ${error}` });
        result = {
            content: [{ type: "text", text: `Error: Failed to set configuration value` }],
            isError: true,
        };
    }

Tool Definition Quality

A4.1/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations indicate destructiveHint=true and readOnlyHint=false, which the description aligns with by describing a write operation. The description adds valuable behavioral context beyond annotations: the security warning about separate chat usage, the specific config keys and their data types, and the critical warning about allowedDirectories enabling full filesystem access. This provides practical implementation guidance that annotations don't cover.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness3/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized but has structural issues. The core purpose is clear upfront, but the warning about separate chat usage comes before the config key details, which might be better placed after. The final sentence about referencing as 'DC: ...' feels tacked on and doesn't add value for an AI agent. Some sentences could be more efficiently structured.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a destructive configuration tool with no output schema, the description provides strong completeness: purpose, security implications, parameter semantics with examples, and critical warnings. The main gap is lack of information about return values or confirmation of changes. However, given the annotations cover the destructive nature and the description provides rich parameter context, it's mostly complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters5/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 0% schema description coverage, the description carries the full burden of explaining parameters. It excels by providing: 1) A comprehensive list of valid 'key' values with their expected data types, 2) Clear examples of what 'value' should contain for each key, 3) Important semantic constraints (like empty array enabling full access). This fully compensates for the schema's lack of descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Set a specific configuration value by key.' This is a specific verb+resource combination that distinguishes it from sibling tools like 'get_config' (which reads rather than writes). However, it doesn't explicitly differentiate from all possible configuration-related tools beyond the obvious get/set distinction.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context about when to use this tool: 'Should be used in a separate chat from file operations and command execution to prevent security issues.' It also implicitly contrasts with 'get_config' by being the write counterpart. However, it doesn't explicitly name alternatives or provide detailed exclusion criteria beyond the security warning.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/wonderwhy-er/ClaudeComputerCommander'

If you have feedback or need assistance with the MCP directory API, please join our Discord server