We only provide security updates for the latest available version of mcp-server-for-powershell.
| Version | Supported |
|---|---|
| Latest | ✅ |
| < 1.0 | ❌ |
Important: This tool is designed to execute PowerShell commands generated by an LLM. By definition, it enables Arbitrary Code Execution (ACE).
When reporting vulnerabilities, please distinguish between intended functionality and actual security flaws:
Intended functionality (not vulnerabilities):
- The ability to execute system commands (e.g., `Get-Process`, `Remove-Item`) is a feature, not a bug.
- The LLM generating incorrect or destructive commands is a limitation of the model, not a vulnerability in this server.
- Executing commands with the privileges of the user running the server process.

Actual security flaws (please report these):
- Sandbox Escapes: If you configure the server to run in a restricted mode (if applicable) and a command manages to bypass those restrictions.
- Command Injection (Internal): If the server fails to properly sanitize internal arguments before passing them to the PowerShell subprocess, resulting in execution different from what the LLM requested.
- Unauthorized Access: If the server is exposed via HTTP/SSE and allows connections without configured authentication.
Please report vulnerabilities (and any sensitive details) privately via GitHub Private Vulnerability Reporting.
Please do not report security vulnerabilities through public GitHub issues.
To use this server safely, we recommend the following:
- Human-in-the-Loop: Always use an MCP client that requires user confirmation before executing tools (e.g., Claude Desktop in "Ask before running" mode).
- Least Privilege: Do not run this server as Administrator/Root unless absolutely necessary.
- Sandboxing: Where possible, run this server inside a container (Docker) or a virtual machine to limit the impact of destructive commands.
- Network Isolation: Ensure the server is not exposed to the public internet.
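The internal command-injection class above and the human-in-the-loop recommendation both come down to how the server hands LLM-generated text to PowerShell. The following is an added illustration, not code from mcp-server-for-powershell: it assumes a Python host and a `pwsh` binary on PATH, passes the script as a single `-EncodedCommand` argument with no shell in between (so quoting or newlines in the generated text cannot alter the invocation), and runs nothing until a confirmation callback has seen the exact script.

```python
import base64
import shutil
import subprocess
from typing import Callable, Sequence


def build_powershell_argv(script: str, exe: str = "pwsh") -> list:
    """Build the argv used to hand an LLM-generated script to PowerShell.

    The script travels as one -EncodedCommand argument (base64 of UTF-16LE),
    never spliced into a shell command line, so quotes, semicolons or newlines
    in the generated text cannot add arguments or change which process runs.
    """
    encoded = base64.b64encode(script.encode("utf-16-le")).decode("ascii")
    return [
        exe,
        "-NoProfile",       # do not load user/system profile scripts
        "-NonInteractive",  # never block waiting for console input
        "-EncodedCommand", encoded,
    ]


def decode_encoded_command(argv: Sequence[str]) -> str:
    """Recover the script from an argv built above (round-trip check)."""
    payload = argv[list(argv).index("-EncodedCommand") + 1]
    return base64.b64decode(payload).decode("utf-16-le")


def run_generated_script(script: str, confirm: Callable[[str], bool],
                         timeout: float = 60.0) -> subprocess.CompletedProcess:
    """Execute only after a human has confirmed the exact text that will run.

    `confirm` is a hypothetical hook standing in for the MCP client's
    "ask before running" prompt; it must see the full script, unmodified.
    """
    if not confirm(script):
        raise PermissionError("user declined to run the generated script")
    argv = build_powershell_argv(script)
    if shutil.which(argv[0]) is None:
        raise FileNotFoundError(f"{argv[0]} not found on PATH")
    # shell=False: argv goes straight to the executable, no shell parsing,
    # so what runs is exactly what the user confirmed.
    return subprocess.run(argv, shell=False, capture_output=True,
                          text=True, timeout=timeout)
```

Least privilege and sandboxing still apply on top of this: the encoded script runs with whatever rights the server process holds, so this only guarantees fidelity to the confirmed text, not safety of its contents.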
This software allows an automated system to execute code on your computer. You are solely responsible for securing the environment in which it runs.