Skip to content
ai-supply.store
탐색카테고리리더보드커뮤니티Agent APIFAQ
로그인무료 가입
catalog / Coding / Desktop Commander MCP
◇MCP serverCodingFree

Desktop Commander MCP

Gives AI assistants terminal control, filesystem search, and diff-based file editing on your machine.

@ai-supply
설치 수587
↗ 소스 저장소
← More CodingCoding leaderboard →How we grade security →Source ↗

Desktop Commander MCP

Desktop Commander is a Model Context Protocol server that gives AI assistants like Claude terminal control, filesystem search, and diff-based file editing on your local machine.

It lets the agent read, update, and manage files, run and manage terminal processes, and automate multi-step tasks that go beyond in-editor AI tools. Because it runs locally through your MCP client, it can use your existing client subscription instead of separate API token costs.

It is aimed at developers and power users who want an AI assistant that can operate their filesystem and shell to automate real work.

Rating rank
#1
of 22 in Coding
Install rank
#20
of 22 in Coding
Security score
58/100 · D
review
Security rank
#11
of 22 in Coding
Installs
587
cat avg 190k
This listing vs category average
Installs
this
cat avg
Security (of 100)
this
cat avg
Adoption trend
See the Coding leaderboard →
! Security: Review · 5858/100 · grade Dscanned 36m ago
⚠ 1 compromise signal24 risk-surface · 8/20 OWASP controls flagged

Only compromise signals — malicious or tampered code (leaked secrets, backdoors, a dropped executable) — reduce the score. Dangerous-by-capability traits are risk surface, expected for some capabilities. Every finding is mapped to the OWASP control it belongs to below.

What this capability can do · high confidence (static)
Tools (5)
read_multiple_fileswrite_filelist_directorystop_searchforce_terminate
⚑ filesystem⚑ shell⚑ network⚑ secretsinstall: postinstall
egress → www.youtube.com, smithery.ai., smithery.ai, discord.gg, desktopcommander.app#faq, www.docker.com, hub.docker.com, policies.google.com +32

Findings mapped to the OWASP Top 10 for LLM Applications (2025) and the OWASP Machine Learning Security Top 10. Expand any flagged control for the exact findings — compromise reduces the score; expected/risk-surface do not.

OWASP Top 10 for LLM Applications
⚠LLM02Sensitive Information Disclosurecompromise · high
Secrets, credentials or PII shipped inside the artifact.
•Embedded credentials — found: hardcoded credential · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/markdown/editor.ts (CWE-798)compromise
⚠LLM07System Prompt Leakagecompromise · high
Secrets, internal hosts or proprietary logic exposed in shipped prompts.
•Embedded credentials — found: hardcoded credential · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/markdown/editor.ts (CWE-798)compromise
⚠LLM03Supply Chaincritical
Vulnerable/compromised dependencies, models or archives in the artifact.
•Dependency manifest — 46 npm dependencies declared · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.jsonrisk surface
•npm install-lifecycle script — postinstall run on install — executes arbitrary code · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.json (CWE-506)risk surface
•Vulnerable dependencies — 94 known vulnerabilities in: @hono/node-server@1.19.7, @modelcontextprotocol/sdk@1.25.1, ajv@8.17.1, basic-ftp@5.1.0, brace-expansion@1.1.12, brace-expansion@2.0.2, diff@4.0.2, fast-uri@3.1.0 (CWE-1395)risk surface
⚠LLM05Improper Output Handlingcritical
Code that pipes model/user output into shell, eval, SQL or paths unsafely.
•Suspicious code patterns — pipe-to-shell install · wonderwhy-er-DesktopCommanderMCP-0ad919b/README.md (CWE-494)risk surface
•Suspicious code patterns — destructive rm -rf / · wonderwhy-er-DesktopCommanderMCP-0ad919b/install.sh (CWE-78)risk surface
•Path traversal sequences — '../' present in content or name · wonderwhy-er-DesktopCommanderMCP-0ad919b/manifest.template.json (CWE-22)risk surface
•Suspicious code patterns — child_process exec · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/build-mcpb.cjs (CWE-78)risk surface
•Suspicious code patterns — child_process exec; dynamic code execution · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/publish-release.cjs (CWE-78)risk surface
•Suspicious code patterns — encoded PowerShell command · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/host/external-actions.tsrisk surface
•Suspicious code patterns — dynamic code execution · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/markdown/editor.ts (CWE-95)risk surface
•Suspicious code patterns — fork bomb; disk wipe command · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/test-blocked-commands.jsrisk surface
⚠LLM06Excessive Agencyhigh
Over-broad tool/permission surface or unrestricted egress.
•External endpoints declared — 1 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/.codespellrcrisk surface
•External endpoints declared — 2 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/Dockerfilerisk surface
•Broad capability surface — 4 high-impact capability categories referenced — verify least-privilege · wonderwhy-er-DesktopCommanderMCP-0ad919b/FAQ.md (CWE-272)risk surface
•External endpoints declared — 5 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/FAQ.mdrisk surface
•External endpoints declared — 3 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/PUBLISH.mdrisk surface
•External endpoints declared — 36 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/README.mdrisk surface
•External endpoints declared — 4 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/install-docker.shrisk surface
•External endpoints declared — 7 distinct host(s) · wonderwhy-er-DesktopCommanderMCP-0ad919b/package-lock.jsonrisk surface
•Broad capability surface — 3 high-impact capability categories referenced — verify least-privilege · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.json (CWE-272)risk surface
•Egress to a private/loopback host — 127.0.0.1 · wonderwhy-er-DesktopCommanderMCP-0ad919b/plugins/claude/skills/ai-tools-setup/references/openclaw.md (CWE-918)risk surface
⚠LLM10Unbounded Consumptionmedium
Unbounded loops/recursion causing DoS or runaway cost.
Enforced at runtime by the gateway (rate limits + spend caps + size caps); static check flags unbounded loops.
•Potentially unbounded loop — an infinite loop (while True / while(1) / for(;;)) may cause runaway consumption · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/tools/filesystem.ts (CWE-835)risk surface
§LLM09MisinformationGovernance
Artifacts designed to produce false/deceptive output.
Detectable only by runtime behavioral evaluation; addressed via responsible-use attestation.
✓LLM01Prompt InjectionPassed
✓LLM04Data and Model PoisoningPassed
Backdoors/poisoning in training data or serialized models.
Behavioral poisoning needs model execution; static check covers unsafe serialization + dataset skew only.
✓LLM08Vector and Embedding WeaknessesPassed
PII or plaintext source leakage in embedding/vector exports.
Embedding inversion/poisoning is largely runtime; static check covers PII in vector exports.
OWASP Machine Learning Security Top 10
⚠ML06AI Supply Chaincritical
Compromised PyPI/npm packages, typosquats, unsafe serialized models.
•Dependency manifest — 46 npm dependencies declared · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.jsonrisk surface
•npm install-lifecycle script — postinstall run on install — executes arbitrary code · wonderwhy-er-DesktopCommanderMCP-0ad919b/package.json (CWE-506)risk surface
•Vulnerable dependencies — 94 known vulnerabilities in: @hono/node-server@1.19.7, @modelcontextprotocol/sdk@1.25.1, ajv@8.17.1, basic-ftp@5.1.0, brace-expansion@1.1.12, brace-expansion@2.0.2, diff@4.0.2, fast-uri@3.1.0 (CWE-1395)risk surface
⚠ML09Output Integritycritical
Middleware tampering with model outputs in transit.
Gateway enforces TLS + response integrity; static check flags output-rewriting code.
•Suspicious code patterns — pipe-to-shell install · wonderwhy-er-DesktopCommanderMCP-0ad919b/README.md (CWE-494)risk surface
•Suspicious code patterns — destructive rm -rf / · wonderwhy-er-DesktopCommanderMCP-0ad919b/install.sh (CWE-78)risk surface
•Path traversal sequences — '../' present in content or name · wonderwhy-er-DesktopCommanderMCP-0ad919b/manifest.template.json (CWE-22)risk surface
•Suspicious code patterns — child_process exec · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/build-mcpb.cjs (CWE-78)risk surface
•Suspicious code patterns — child_process exec; dynamic code execution · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/publish-release.cjs (CWE-78)risk surface
•Suspicious code patterns — encoded PowerShell command · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/host/external-actions.tsrisk surface
•Suspicious code patterns — dynamic code execution · wonderwhy-er-DesktopCommanderMCP-0ad919b/src/ui/file-preview/src/markdown/editor.ts (CWE-95)risk surface
•Suspicious code patterns — fork bomb; disk wipe command · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/test-blocked-commands.jsrisk surface
§ML01Input Manipulation (Adversarial)Governance
Models vulnerable to adversarial perturbations.
Requires runtime robustness evaluation; addressed via publisher robustness attestation.
§ML03Model InversionGovernance
Training data reconstructable from a model's outputs.
Runtime/evaluation property; addressed via model-card data-provenance + DP attestation.
§ML04Membership InferenceGovernance
Determining whether a record was in the training set.
Runtime/evaluation property; addressed via overfitting disclosure + DP attestation.
§ML08Model SkewingGovernance
Models trained on skewed data producing biased output.
Requires fairness evaluation; addressed via model-card bias/limitations disclosure.
✓ML02Data PoisoningPassed
Poisoned training datasets with triggers or anomalous distributions.
Static check covers trigger phrasing, PII and label skew; full poisoning detection is runtime.
✓ML05Model TheftPassed
Unlicensed re-distribution / license-incompatible derivatives.
Static check verifies license declaration; extraction throttling is runtime.
✓ML07Transfer Learning AttackPassed
Backdoored base models / LoRA adapters propagating to derivatives.
Backdoor detection needs behavioral probing; static check covers unsafe serialization + provenance.
✓ML10Model Poisoning (Weights)Passed
Tampered model weight files; integrity must be verifiable.
Static check enforces safe formats + records a content hash for downstream verification.
Other findings (11) · hygiene / uncategorized
•Unrecognized file type — '.codespellrc' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/.codespellrcrisk surface
•Unrecognized file type — '.gitignore' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/.gitignorerisk surface
•Unrecognized file type — '.npmignore' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/.npmignorerisk surface
•Unrecognized file type — '.?' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/Dockerfilerisk surface
•Disallowed file type — '.ps1' executables are not permitted · wonderwhy-er-DesktopCommanderMCP-0ad919b/install-docker.ps1 (CWE-434)risk surface
•Suspicious network references — raw IP URL (4 URLs) · wonderwhy-er-DesktopCommanderMCP-0ad919b/plugins/claude/skills/ai-tools-setup/references/openclaw.mdrisk surface
•Unrecognized file type — '.mdc' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/plugins/cursor/rules/desktop-commander-default.mdcrisk surface
•Unrecognized file type — '.cjs' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/scripts/build-mcpb.cjsrisk surface
•Possible obfuscation — very long lines · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/large_test_file.txtrisk surface
•Suspicious network references — raw IP URL (5 URLs) · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/test-feature-flags-timeout.jsrisk surface
•Unrecognized file type — '.obsolete' is not on the allowlist · wonderwhy-er-DesktopCommanderMCP-0ad919b/test/test-repl-tools.js.obsoleterisk surface
✔ verified source · pinned wonderwhy-er-DesktopCommanderMCP-0ad919b · changed since last scan · +egress www.youtube.com, smithery.ai., smithery.ai, discord.gg, desktopcommander.app#faq, www.docker.com, hub.docker.com, policies.google.com, img.shields.io, agentaudit.dev, archestra.ai, www.buymeacoffee.com, glama.ai, cursor.com, cursor.directory, docs.cursor.com, docs.windsurf.com, code.visualstudio.com, docs.cline.bot, docs.roocode.com, docs.anthropic.com, docs.trae.ai, kiro.dev, developers.openai.com, www.jetbrains.com, docs.augmentcode.com, qwenlm.github.io, youtube.com, www.patreon.com, wonderwhy-er.medium.com, analyticsindiamag.com, medium.com, mseep.ai, docs.docker.com
Check against a policy

The same gate an agent runs before installing (POST /api/v1/trust/desktop-commander-mcp/check). Click a policy:

Consume Desktop Commander MCP programmatically. Authenticate with an API key or session — see Authorize an agent.

# Agents: CHECK BEFORE YOU INSTALL (no auth) — score, grade, level, capability manifest
curl https://ai-supply.store/api/v1/trust/desktop-commander-mcp

# Gate against your org policy (returns { pass, violations })
curl -X POST https://ai-supply.store/api/v1/trust/desktop-commander-mcp/check \
  -H "Content-Type: application/json" \
  -d '{"minGrade":"B","denyPermissions":["shell"],"denyUnknownEgress":true}'

# CLI
npx ai-supply add desktop-commander-mcp

# REST (install → download)
curl -X POST https://ai-supply.store/api/v1/listings/desktop-commander-mcp/install \
  -H "Authorization: Bearer $AIM_KEY"

# MCP tool
install_listing({ "slug": "desktop-commander-mcp" })
OpenAPI spec →
vlatest
! Security: Review · 585h ago

Curated mirror — latest upstream source. See the repository for tagged releases.

Sign in and install this listing to leave a review.

More from @ai-supply

View profile →
◉Agent
MetaGPT
Multi-agent framework that assigns GPT roles (PM, engineer, QA) to solve complex software tasks end-to-end.
↓ 1.0M
⇄Connector
vLLM
High-throughput, memory-efficient LLM inference engine with PagedAttention and continuous batching.
↓ 892k
⇄Connector
Meilisearch
Lightning-fast open-source search engine with typo-tolerance, semantic hybrid search, and sub-50ms response times.
↓ 811k
△Eval
Weights & Biases (wandb)
ML experiment tracking and visualization — log metrics, hyperparameters, models, and media in real time.
↓ 784k
ai-supply.store

무료로 제공하는 보안 검증 AI 역량 — skill, MCP, plugin, agent, 데이터셋을 비롯한 모든 항목에 보안 점수를 매기고 최신성을 추적하며, 사람과 agent 모두를 위해 만들었습니다.

api · v3.1status · all green
문의하기
support@ai-supply.storesecurity@ai-supply.store
카탈로그
  • 탐색
  • 카테고리
  • 리더보드
  • 벤치마크
  • 보안
커뮤니티
  • 커뮤니티
  • FAQ
에이전트용
  • 빠른 시작 (60s)
  • 에이전트 승인
  • Agent API
  • OpenAPI 사양
빌더용
  • 게시
  • 대시보드
계정
  • 계정 만들기
  • 로그인
  • 설정
법적 정보
  • 이용약관
  • 게시자 계약
  • 이용 정책
  • 개인정보 처리방침