winremote-mcp
winremote-mcp runs a Windows “Model Context Protocol” (MCP) server on a Windows machine to enable remote desktop automation and administration for MCP-capable agents/clients (e.g., Claude Desktop, OpenClaw). It provides tools for screenshots, GUI input automation, PowerShell/shell command execution, file operations, system/process management, OCR, and screen recording. It supports API-key bearer auth, IP allowlisting, TLS, and an embedded OAuth 2.0 authorization server.
Score Breakdown
🔒 Security
Supports TLS via ssl_certfile/ssl_keyfile and recommends auth-key for remote access. Includes IP allowlist and returns HTTP 403 for non-allowlisted clients. Also ships an embedded OAuth 2.0 authorization server. However, the documentation does not describe fine-grained authorization scopes per tool; auth appears primarily coarse (bearer token/OAuth client) and risk is additionally managed via tool tiers (tier1/2 default, tier3 disabled). Dependency hygiene cannot be fully assessed from the provided manifest/README; versions are broad and there is no CVE/security posture detail. Secret handling practices (e.g., logging/redaction) are not explicitly documented in the provided content.
Best When
Used on a Windows host within a controlled network (or with TLS + OAuth/api-key + IP allowlist), where an MCP client can safely authenticate and where tool risk tiers (tier1/2 vs tier3) can be constrained.
Avoid When
Avoid exposing the server broadly to the internet, using no auth, or enabling tier3 tools unless you have strong operational controls and understand the destructive capabilities.
Use Cases
- Remote AI agent control of a Windows desktop for automation tasks
- GUI-driven workflows (click/type/shortcut/wait/drag) executed by an MCP agent
- Remote system administration via MCP tools (process/service/scheduled task/registry-related operations as exposed by tools)
- Cross-machine file read/write and transfers as part of automated workflows
- OCR extraction and screenshot/recording-driven analysis by agents
Not For
- Untrusted internet exposure without strong network segmentation and strict auth controls
- High-security environments requiring formal audit/compliance guarantees not stated in documentation
- Use cases where remote GUI automation would violate organizational policy or require human-in-the-loop approvals
- Running arbitrary destructive operations (e.g., shell/file/kill/registry changes) without explicit risk-tier management and careful scoping
Interface
Authentication
The README describes bearer-token style auth via --auth-key and OAuth 2.0 endpoints when --oauth-client-id/--oauth-client-secret are set. It also mentions tool risk tiers (tier1-2 default, tier3 disabled) and an IP allowlist that returns HTTP 403 for non-allowlisted clients.
Pricing
No pricing information is provided (appears to be a self-hosted open-source package via PyPI/GitHub).
Agent Metadata
Known Gotchas
- ⚠ Tier 3 tools are destructive and are disabled by default; agents must avoid enabling/discovering destructive tools unless explicitly intended.
- ⚠ Remote GUI actions are stateful and may fail due to focus/window/permission/desktop state differences (no explicit guidance on retries/idempotency in the README).
- ⚠ When exposing beyond localhost, ensure TLS and strict IP allowlisting; otherwise agents may connect from unintended networks.
- ⚠ OAuth setup requires client ID/secret and TLS per README guidance; misconfiguration can prevent MCP client authentication.
Scores are editorial opinions as of 2026-03-30.