cursor_admin_mcp
This server enables Cursor AI agents to execute privileged system commands with mandatory human approval before any privilege escalation occurs.
Run PowerShell commands as Administrator (Windows): The
run_as_admintool executes PowerShell commands with elevated privileges after the user approves via a WPF dialog and UAC prompt.Run bash commands as root (Linux/macOS): The
run_as_roottool executes bash commands as root after the user approves via azenity(Linux) orosascript(macOS) dialog and sudo authentication.Mandatory human approval gate: Every privileged execution requires explicit visual confirmation — the exact command is shown before elevation, and declining halts execution with no privilege escalation.
Capture and return output:
stdoutandstderrfrom executed commands are captured and returned to the agent for further processing.Platform safety enforcement: Each tool is restricted to its target OS — calling the wrong tool returns a clear error without any execution.
Temporary file isolation and cleanup: Commands are written to isolated temporary files that are automatically deleted after each invocation, minimizing security exposure.
Allows executing commands with root privileges on Linux systems using sudo and zenity approval dialog.
Click on "Install Server".
Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state.
In the chat, type
@followed by the MCP server name and your instructions, e.g., "@cursor_admin_mcpInstall Python 3.12 using winget"
That's it! The server will respond to your query, and you can continue using it as needed.
Here is a step-by-step guide with screenshots.
cursor_admin_mcp
Cross-platform secure MCP server for Cursor agents. Exposes elevated execution tools with mandatory human approval before privilege escalation:
Windows:
run_as_admin— PowerShell with WPF approval dialog and UACLinux / macOS:
run_as_root— bash with approval dialog andsudo
Requirements
All platforms
Node.js 20 or later
Windows (run_as_admin)
Windows 10 or later
Windows PowerShell 5.1 (default
powershellon Windows)WPF (
PresentationFramework) for the approval dialog
Linux (run_as_root)
bash
sudo(user must have sudo privileges)zenityfor approval and password dialogsDISPLAYorWAYLAND_DISPLAYset (GUI session required)
Install example (Debian/Ubuntu):
sudo apt install zenitymacOS (run_as_root)
bash
sudo(user must be an administrator)osascriptfor approval and password dialogs (built into macOS)GUI session required (osascript dialogs)
Related MCP server: Super Shell MCP Server
Security model
Both tools follow the same pattern: payload isolation, visual approval, privilege escalation, log capture, cleanup.
Windows — run_as_admin
The agent sends a PowerShell command string.
The server writes the command to an isolated temporary
.ps1file.A wrapper script shows a WPF
MessageBoxwith the exact command payload.If the user clicks Yes, UAC prompts for elevation and the payload runs elevated.
If the user clicks No, execution stops and the tool returns
Execution denied by user.stdout/stderr are captured to a temporary log file and returned to the agent.
All temporary files are deleted after each invocation.
Linux — run_as_root
The agent sends a bash command string.
The server writes the command to an isolated temporary
.shfile.A wrapper script shows a zenity question dialog with the exact command payload.
If the user clicks Yes,
sudo -Aruns the payload using a temporarySUDO_ASKPASSscript (zenity --password).If the user clicks No, execution stops and the tool returns
Execution denied by user.stdout/stderr are captured to a temporary log file and returned to the agent.
All temporary files are deleted after each invocation.
macOS — run_as_root
The agent sends a bash command string.
The server writes the command to an isolated temporary
.shfile.A wrapper script shows an osascript dialog with the exact command payload.
If the user clicks Yes,
sudo -Aruns the payload using a temporarySUDO_ASKPASSscript (osascript hidden-password dialog).If the user clicks No, execution stops and the tool returns
Execution denied by user.stdout/stderr are captured to a temporary log file and returned to the agent.
All temporary files are deleted after each invocation.
The agent cannot bypass approval or elevation on any platform. Use the tool that matches the current OS.
Build and run
npm install
npm run build
npm startOther scripts:
npm run typecheck— TypeScript check without emitnpm test— run unit tests
Branching and releases
Branch | Purpose |
| Day-to-day development; open PRs here |
| Stable releases only; merge from |
Workflow:
Branch from
developfor features and fixes.Open pull requests targeting
develop. CI runs on every push and PR.When ready to ship, merge
developintomain(via PR or fast-forward merge).Each push to
mainruns the Release workflow: build, test, then create a GitHub release taggedv{version}frompackage.json.Bump
versioninpackage.jsonbefore merging tomainso each release gets a unique tag. If the tag already exists, the release job skips creation and logs a reminder to bump the version.
To start using develop:
git checkout -b develop
git push -u origin developSet develop as the default branch in GitHub repository settings if you want new PRs to target it by default.
Cursor MCP configuration
Add this server in Cursor → Settings → Features → MCP Servers (adjust the path if your clone location differs):
{
"mcpServers": {
"cursor-admin-mcp": {
"command": "node",
"args": ["C:\\dev\\repos\\others\\cursor_admin_mcp\\dist\\index.js"]
}
}
}On Linux and macOS, use the appropriate absolute path to dist/index.js.
After changing MCP settings, reload MCP servers in Cursor.
Manual smoke test
Windows
Build the project:
npm run buildRegister the MCP server in Cursor using the config above.
Ask the agent to call
run_as_adminwith:Write-Output "hello"Confirm the WPF dialog shows the exact command.
Click Yes, approve UAC, and verify output contains
hello.Run again and click No — verify the tool returns
Execution denied by user.without a UAC prompt.Confirm no leftover temp files remain under
%TEMP%.
Linux
Build the project:
npm run buildRegister the MCP server in Cursor.
Ask the agent to call
run_as_rootwith:echo "hello"Confirm the zenity dialog shows the exact command.
Click Yes, enter your sudo password in the zenity prompt, and verify output contains
hello.Run again and click No — verify the tool returns
Execution denied by user.without a sudo prompt.Confirm no leftover temp files remain under
/tmp.
macOS
Build the project:
npm run buildRegister the MCP server in Cursor.
Ask the agent to call
run_as_rootwith:echo "hello"Confirm the osascript dialog shows the exact command.
Click Yes, enter your administrator password in the osascript prompt, and verify output contains
hello.Run again and click No — verify the tool returns
Execution denied by user.without a sudo prompt.Confirm no leftover temp files remain under
$TMPDIR.
Calling run_as_admin on Linux or macOS, or run_as_root on Windows, returns a clear platform error without elevation.
SDK note
This project uses @modelcontextprotocol/server@2.0.0-alpha.2 (MCP TypeScript SDK v2 alpha). The v2 API may change before stable release.
License
MIT — see LICENSE.
Maintenance
Resources
Unclaimed servers have limited discoverability.
Looking for Admin?
If you are the server author, to access and configure the admin panel.
Tools
Latest Blog Posts
- Your AI Chatbot Just Exposed Your CEO's Salary to an InternBy Om-Shree-0709 on .Agent IdentityMCP SecurityOAuth Delegation
- Why MCP Servers Need Execution Sandboxing (And Why Your Current Stack Isn't Enough)By Om-Shree-0709 on .Agentic AiPrompt InjectionWebAssembly
MCP directory API
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Jon2G/cursor_admin_mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server