
SystemInternals MCP Server

Provides a minimal MCP server that exposes Sysinternals and NirSoft tools via safe subprocess calls and dynamic tool registration.

Installation
Add the following to your MCP client configuration file.

Configuration

{
  "mcpServers": {
    "14ag-systeminternals-mcp": {
      "command": "python",
      "args": [
        "server_mcp.py"
      ]
    }
  }
}

You have a lightweight MCP server that exposes Sysinternals and NirSoft binaries through a safe, FastMCP-compatible interface. It demonstrates dynamic tool registration and safe subprocess handling, letting you run tools from a local binaries directory or via demos while blocking destructive operations by default.

How to use

You interact with the server through an MCP client that talks over stdio. Start a long‑running stdio server to enable integrated agent workflows, or use the per‑request demo mode for simple CLI usage.

To start the stdio MCP server locally, run the following command. It registers available tools and exposes an RPC surface your client can call.

python server_mcp.py

How to run quick demos from the CLI

If you want a single, per‑request demo that returns structured JSON, you can run a specific tool with the demo mode.

python server.py --demo procexp64

Using the server in scripts or agents

You can run a tool via a separate Python script or a shell command and capture the JSON result from stdout. After the server prints the JSON, parse it in your language of choice.

import json
import subprocess

# Pass the command as a list so each argument reaches the tool unmodified.
proc = subprocess.run([
    'python', 'server.py', '--demo', 'pslist64', '--',
    # additional tool args go here as separate items
], capture_output=True, text=True)

if proc.returncode == 0 and proc.stdout:
    # The demo mode prints a single JSON document on stdout.
    result = json.loads(proc.stdout)
    print(result)
else:
    print('error', proc.stderr)

Notes on the demo and tools

The quick demo modes show you how to call tools like pslist64 and procexp64. Destructive tools are blocked by default and require explicit confirmation or safety settings to run.

How to install

Prerequisites: You need Python 3.11 or newer and a virtual environment. The server runs in a Python environment and does not require shell access to binaries.

Run the following in PowerShell:
python -m venv .venv
.\.venv\Scripts\activate
pip install --upgrade pip
pip install -r requirements.txt

Running

Use a per‑tool demo for quick CLI calls, or start the stdio server for long‑running integration with agents.

# Per‑tool demo (CLI)
python server.py --demo pslist64

# Start the long‑running MCP stdio server (agent integration)
python server_mcp.py

Configuration and security

You can configure server behavior by editing a configuration file. The server scans a binaries directory to discover tools, and you can fine‑tune safety by requiring confirmation for destructive tools or by allowing destructive tools explicitly.

[server]
log_level = info
timeout = 30
allow_destructive = false

Additional notes

Place your tool folders under a binaries directory so the server can discover them automatically. Examples include systeminternals and nirsoft. Destructive tools such as sdelete, psexec, and pskill are blocked by default; you can override this with a confirmation or by allowing destructive tools in the configuration.
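The default-deny gate and the shell-free subprocess call described above, as an added example; it is not code from this page or from the 14ag/systeminternals-mcp project. The function names, the `.exe`/`64` name normalisation and the Python stand-in child process are assumptions of the example.

```python
import configparser
import re
import subprocess
import sys

# Tools the page lists as blocked by default.
DESTRUCTIVE = {"sdelete", "psexec", "pskill"}
# Constructed sample input, using the keys from the [server] section above.
SAMPLE_CONFIG = "[server]\nlog_level = info\ntimeout = 30\nallow_destructive = false\n"

def load_policy(text):
    """Return (timeout_seconds, allow_destructive) from the config text."""
    cp = configparser.ConfigParser()
    cp.read_string(text)
    server = cp["server"]
    return (server.getint("timeout", fallback=30),
            server.getboolean("allow_destructive", fallback=False))

def base_name(tool):
    """Reduce 'PsKill64.exe' to 'pskill'; reject anything that is not a bare file name."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+(\.exe)?", tool, re.IGNORECASE):
        raise ValueError(f"invalid tool name: {tool!r}")
    # Assumption: 64-bit and .exe variants must hit the same blocklist entry.
    return tool.lower().removesuffix(".exe").removesuffix("64")

def is_allowed(tool, allow_destructive, confirmed=False):
    """Deny destructive tools unless config or an explicit confirmation permits them."""
    if base_name(tool) not in DESTRUCTIVE:
        return True
    return allow_destructive or confirmed

def run_tool(argv, timeout):
    """Run argv as a list (no shell) and return a JSON-serialisable result dict."""
    try:
        proc = subprocess.run(argv, capture_output=True, text=True,
                              timeout=timeout, shell=False)
    except subprocess.TimeoutExpired:
        return {"ok": False, "error": "timeout"}
    return {"ok": proc.returncode == 0, "returncode": proc.returncode,
            "stdout": proc.stdout, "stderr": proc.stderr}

if __name__ == "__main__":
    timeout, allow = load_policy(SAMPLE_CONFIG)
    for tool in ("pslist64", "pskill64.exe", "SDelete"):
        print(tool, "allowed" if is_allowed(tool, allow) else "blocked")
    # Stand-in child process so the example runs without Sysinternals binaries.
    print(run_tool([sys.executable, "-c", "print('a & b')"], timeout))
```

Matching on the normalised name rather than the raw string means that `pskill64.exe` and `SDelete` hit the same blocklist entries as `pskill` and `sdelete`, and because the arguments are passed as a list the `&` in the child's argument is never interpreted by a shell.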

Available tools

pslist64

Demo tool that lists processes; used in per‑tool demos and for scripting results.

procexp64

Process Explorer demo tool; used to inspect running processes in demonstrations.

sdelete

Destructive tool example that is blocked by default; requires explicit confirmation or permission to run.

psexec

Remote execution utility that is blocked by default; requires explicit confirmation or elevated permissions to run.

pskill

Process kill utility that is blocked by default; requires explicit confirmation to run.

SystemInternals MCP Server - 14ag/systeminternals-mcp