win-mcp-server
Provides an MCP server that lets AI agents interact with Windows hosts via WinRM, including interactive credential setup and remote PowerShell execution plus basic system/service/disk information tools.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security claims are described in the README (Keychain + TouchID, hidden password input, credentials cleared from memory, 4-hour expiration, transport security via NTLM over HTTP with HTTPS configurable). However, the README does not provide detailed threat-model, least-privilege guidance, audit/logging details, or how secrets are stored/cleared for all code paths. Execute_powershell exposes powerful capabilities; strong external constraints/allowlists are important.
⚡ Reliability
Best When
You have a controlled Windows fleet with WinRM enabled and you want MCP tool-based remote management with credential caching/clearing on the client side.
Avoid When
You cannot guarantee host trust, least-privilege credentials, or you need a standard web API/SDK instead of an MCP tool server.
Use Cases
- • Remote administration and troubleshooting of Windows servers from an AI agent
- • Automated health checks (system info, running services, disk space)
- • Running controlled PowerShell commands on managed Windows hosts
- • Reducing manual ops work for infrastructure teams using MCP-capable agent tooling
Not For
- • Running untrusted or highly privileged PowerShell on unmanaged hosts
- • Environments that cannot use WinRM or that require strict network-level restrictions beyond WinRM
- • Multi-tenant scenarios where credential isolation/auditing must be extremely strong
Interface
Authentication
Authentication is described as domain credentials stored in macOS Keychain with TouchID gating, with WinRM using NTLM over HTTP (HTTPS optionally configurable). No agent-scoped authorization model (OAuth scopes) is described.
Pricing
No pricing information in provided content (GitHub metadata shows small OSS project).
Agent Metadata
Known Gotchas
- ⚠ Executing arbitrary PowerShell is dangerous: agents may run destructive or state-changing commands unless you constrain usage.
- ⚠ Credential setup is interactive first use; automated/headless deployment may require additional handling not described.
- ⚠ WinRM transport/security depends on network configuration (HTTP/HTTPS and NTLM settings); agents may fail if hosts are not configured appropriately.
- ⚠ Tool outputs include stdout/stderr and exit codes; agents must parse these reliably rather than assuming structured JSON for all commands.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for win-mcp-server.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-04-04.