{"id":"dddabtc-winremote-mcp","name":"winremote-mcp","homepage":null,"repo_url":"https://github.com/dddabtc/winremote-mcp","category":"infrastructure","subcategories":[],"tags":["mcp","windows","automation","remote-control","desktop","gui-automation","oauth","tls","python","agent-tools"],"what_it_does":"winremote-mcp runs a Windows “Model Context Protocol” (MCP) server on a Windows machine to enable remote desktop automation and administration for MCP-capable agents/clients (e.g., Claude Desktop, OpenClaw). It provides tools for screenshots, GUI input automation, PowerShell/shell command execution, file operations, system/process management, OCR, and screen recording. It supports API-key bearer auth, IP allowlisting, TLS, and an embedded OAuth 2.0 authorization server.","use_cases":["Remote AI agent control of a Windows desktop for automation tasks","GUI-driven workflows (click/type/shortcut/wait/drag) executed by an MCP agent","Remote system administration via MCP tools (process/service/scheduled task/registry-related operations as exposed by tools)","Cross-machine file read/write and transfers as part of automated workflows","OCR extraction and screenshot/recording-driven analysis by agents"],"not_for":["Untrusted internet exposure without strong network segmentation and strict auth controls","High-security environments requiring formal audit/compliance guarantees not stated in documentation","Use cases where remote GUI automation would violate organizational policy or require human-in-the-loop approvals","Running arbitrary destructive operations (e.g., shell/file/kill/register changes) without explicit risk-tier management and careful scoping"],"best_when":"Used on a Windows host within a controlled network (or with TLS + OAuth/api-key + IP allowlist), where an MCP client can safely authenticate and where tool risk tiers (tier1/2 vs tier3) can be constrained.","avoid_when":"Avoid exposing the server broadly to the internet, using no auth, or enabling tier3 tools unless you have strong operational controls and understand the destructive capabilities.","alternatives":["Other MCP servers for desktop automation (if available)","RDP/VNC with custom agent integrations (more manual but common)","OS-level automation frameworks (PowerShell remoting, WinRM) combined with agent orchestration","Browser/GUI automation approaches (Playwright/Selenium where applicable, though not full Windows desktop control)"],"af_score":61.0,"security_score":61.0,"reliability_score":32.5,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:51:02.088178+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":"http://127.0.0.1:8090/mcp (or /mcp/ for some clients); supports HTTPS with TLS","has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":["API key bearer token (auth-key)","OAuth 2.0 (embedded authorization server)","IP allowlisting (network-level access control)"],"oauth":true,"scopes":false,"notes":"The README describes bearer-token style auth via --auth-key and OAuth 2.0 endpoints when --oauth-client-id/--oauth-client-secret are set. It also mentions tool risk tiers (tier1-2 default, tier3 disabled) and an IP allowlist that returns HTTP 403 for non-allowlisted clients."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"No pricing information is provided (appears to be a self-hosted open-source package via PyPI/GitHub)."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":61.0,"security_score":61.0,"reliability_score":32.5,"mcp_server_quality":85.0,"documentation_accuracy":70.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":70.0,"rate_limit_clarity":10.0,"tls_enforcement":80.0,"auth_strength":75.0,"scope_granularity":30.0,"dependency_hygiene":55.0,"secret_handling":60.0,"security_notes":"Supports TLS via ssl_certfile/ssl_keyfile and recommends auth-key for remote access. Includes IP allowlist and returns HTTP 403 for non-allowlisted clients. Also ships an embedded OAuth 2.0 authorization server. However, the documentation does not describe fine-grained authorization scopes per tool; auth appears primarily coarse (bearer token/OAuth client) and risk is additionally managed via tool tiers (tier1/2 default, tier3 disabled). Dependency hygiene cannot be fully assessed from the provided manifest/README; versions are broad and there is no CVE/security posture detail. Secret handling practices (e.g., logging/redaction) are not explicitly documented in the provided content.","uptime_documented":0.0,"version_stability":55.0,"breaking_changes_history":35.0,"error_recovery":40.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Tier 3 tools are destructive and are disabled by default; agents must avoid enabling/discovering destructive tools unless explicitly intended.","Remote GUI actions are stateful and may fail due to focus/window/permission/desktop state differences (no explicit guidance on retries/idempotency in the README).","When exposing beyond localhost, ensure TLS and strict IP allowlisting; otherwise agents may connect from unintended networks.","OAuth setup requires client ID/secret and TLS per README guidance; misconfiguration can prevent MCP client authentication."]}}