ai.smithery/DynamicEndpoints-powershell-exec-mcp-server

6.5

Execute PowerShell commands securely with controlled timeouts and input validation. Retrieve syste…

streamable-httpai-ml cloud

Installation

Claude Desktop config (remote)

{
  "mcpServers": {
    "ai-smithery-dynamicendpoints-powershell-exec-mcp-server": {
      "type": "streamable-http",
      "url": "https://server.smithery.ai/@DynamicEndpoints/powershell-exec-mcp-server/mcp"
    }
  }
}

Cursor config

{
  "mcpServers": {
    "ai-smithery-dynamicendpoints-powershell-exec-mcp-server": {
      "url": "https://server.smithery.ai/@DynamicEndpoints/powershell-exec-mcp-server/mcp"
    }
  }
}

Security Report

Score Breakdown

Description10

Permissions10

Behavior3

Stability--

Findings (7)

critical

code-execution

Arbitrary PowerShell Command Execution

Server explicitly designed to execute PowerShell commands. Even with claimed 'controlled timeouts and input validation,' this represents a critical security risk as PowerShell can execute arbitrary system commands, access files, modify registry, and compromise system integrity.

high

network-access

Remote HTTP Endpoint Without Visible Authentication

Server is exposed via remote HTTPS endpoint (streamable-http transport). No authentication mechanism is documented. This allows any client with the URL to potentially execute PowerShell commands on the server.

high

excessive-scope

Overly Broad Capability Claims

Description claims to 'Retrieve system...' (truncated) which suggests broad system information access combined with command execution. This combination is dangerous and suggests the server may have capabilities beyond what's explicitly stated.

medium

vague-description

Incomplete and Vague Description

The description is truncated and incomplete, making it impossible to fully assess the server's actual capabilities and security measures. Claims of 'secure' execution and 'input validation' are unverifiable without seeing the actual implementation.

medium

unconstrained-input

Tool Definitions Not Available for Inspection

Tool definitions could not be fetched from the server. Without seeing the actual tool schemas, input validation rules, and parameter constraints, it's impossible to verify that the claimed security measures are actually implemented.

info

vague-description

Positive: Repository Available

Server has a public GitHub repository, which allows for source code review and community scrutiny. This is a positive trust signal.

info

vague-description

Semantic Analysis Summary

This server presents critical security risks due to its core function of executing arbitrary PowerShell commands via a remote HTTP endpoint. While a GitHub repository exists (positive signal), the combination of unrestricted code execution, remote exposure, unverified input validation claims, and incomplete documentation makes this server extremely dangerous. This should only be used in highly controlled, isolated environments with strict network segmentation and authentication.

Last scanned 1h ago

Details

Version: 1.13.1
Transport: streamable-http
Capabilities
Repository: DynamicEndpoints/PowerShell-Exec-MCP-Server