🟠 desktopcommandermcp

This is MCP server for Claude that gives it terminal control, file system search and diff file editing capabilities

Field	Value
Grade	C
Risk Score	32
Version	`0.2.40`
Vendor	wonderwhy-er
Stars	⭐ 5979
npm Package	`@wonderwhy-er/desktop-commander`
npm Downloads (30d)	55.4k
Language	TypeScript
Source	desktopcommandermcp
Scan Date	2026-05-01
Scanner	tooltrust-scanner/v0.3.9

Findings Summary

Severity	Count
Critical	0
High	9
Medium	14
Low	8
Info	26

Detailed Findings

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🟠 🔑 `AS-002` — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🟠 🔑 `AS-002` — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟠 🔑 `AS-002` — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟠 🔑 `AS-002` — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟠 🔑 `AS-002` — Excessive Permission Surface

Severity: High

Description: tool declares network permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🟠 🔑 `AS-002` — Excessive Permission Surface

Severity: High

Description: tool declares exec permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟡 🔑 `AS-002` — Excessive Permission Surface

Severity: Medium

Description: tool declares fs permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟠 🔑 `AS-002` — Excessive Permission Surface

Severity: High

Description: tool declares exec permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

🟠 🔑 `AS-002` — Excessive Permission Surface

Severity: High

Description: tool declares exec permission

Recommendation: Tool requests broad permissions (exec/fs/network). Validate input parameters using Enums where possible, and restrict file system operations to explicit allowed directories.

🟠 📐 `AS-003` — Scope Mismatch

Severity: High

Description: tool name "list_sessions" implies read-only operation but declares exec permission

Recommendation: Ensure tool names, descriptions, and permission declarations are internally consistent. Use explicit naming conventions that fully reflect actual capabilities.

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

Severity: Low

Description: tool performs network or execution operations but declares no rate-limit, timeout, or retry configuration

Recommendation: Declare explicit rate-limit, timeout, and retry configuration for all network and execution tools. Implement exponential back-off and surface resource state to the calling agent.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

Severity: Info

Description: Tool did not expose metadata.dependencies or repo_url, so supply-chain coverage is limited.

Recommendation: Review and remediate the identified issue.

Scored using ToolTrust methodology · Raw JSON report

FilesExpand file tree

desktopcommandermcp.md

Latest commit

History

desktopcommandermcp.md

File metadata and controls

🟠 desktopcommandermcp

Findings Summary

Detailed Findings

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

🟠 🔑 AS-002 — Excessive Permission Surface

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

🟠 🔑 AS-002 — Excessive Permission Surface

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 AS-002 — Excessive Permission Surface

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 AS-002 — Excessive Permission Surface

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 AS-002 — Excessive Permission Surface

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

🟠 🔑 AS-002 — Excessive Permission Surface

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 AS-002 — Excessive Permission Surface

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 AS-002 — Excessive Permission Surface

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 AS-002 — Excessive Permission Surface

🟠 📐 AS-003 — Scope Mismatch

🔵 ⚡ AS-011 — DoS Resilience — Missing Rate Limit / Timeout

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ AS-014 — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

🟠 🔑 `AS-002` — Excessive Permission Surface

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

🟠 🔑 `AS-002` — Excessive Permission Surface

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 `AS-002` — Excessive Permission Surface

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 `AS-002` — Excessive Permission Surface

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 `AS-002` — Excessive Permission Surface

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

🟠 🔑 `AS-002` — Excessive Permission Surface

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟡 🔑 `AS-002` — Excessive Permission Surface

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 `AS-002` — Excessive Permission Surface

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

🟠 🔑 `AS-002` — Excessive Permission Surface

🟠 📐 `AS-003` — Scope Mismatch

🔵 ⚡ `AS-011` — DoS Resilience — Missing Rate Limit / Timeout

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE

⚪ `AS-014` — DEPENDENCY_INVENTORY_UNAVAILABLE