Cursor Admin
БесплатноНе проверенA cross-platform MCP server providing secure, user-approved privilege escalation for Cursor agents, with tools for running commands as admin on Windows and root
Описание
A cross-platform MCP server providing secure, user-approved privilege escalation for Cursor agents, with tools for running commands as admin on Windows and root on Linux.
README
Cross-platform secure MCP server for Cursor agents. Exposes elevated execution tools with mandatory human approval before privilege escalation:
- Windows:
run_as_admin— PowerShell with WPF approval dialog and UAC - Linux / macOS:
run_as_root— bash with approval dialog andsudo
Requirements
All platforms
- Node.js 20 or later
Windows (run_as_admin)
- Windows 10 or later
- Windows PowerShell 5.1 (default
powershellon Windows) - WPF (
PresentationFramework) for the approval dialog
Linux (run_as_root)
- bash
sudo(user must have sudo privileges)zenityfor approval and password dialogsDISPLAYorWAYLAND_DISPLAYset (GUI session required)
Install example (Debian/Ubuntu):
sudo apt install zenity
macOS (run_as_root)
- bash
sudo(user must be an administrator)osascriptfor approval and password dialogs (built into macOS)- GUI session required (osascript dialogs)
Security model
Both tools follow the same pattern: payload isolation, visual approval, privilege escalation, log capture, cleanup.
Windows — run_as_admin
- The agent sends a PowerShell command string.
- The server writes the command to an isolated temporary
.ps1file. - A wrapper script shows a WPF
MessageBoxwith the exact command payload. - If the user clicks Yes, UAC prompts for elevation and the payload runs elevated.
- If the user clicks No, execution stops and the tool returns
Execution denied by user. - stdout/stderr are captured to a temporary log file and returned to the agent.
- All temporary files are deleted after each invocation.
Linux — run_as_root
- The agent sends a bash command string.
- The server writes the command to an isolated temporary
.shfile. - A wrapper script shows a zenity question dialog with the exact command payload.
- If the user clicks Yes,
sudo -Aruns the payload using a temporarySUDO_ASKPASSscript (zenity --password). - If the user clicks No, execution stops and the tool returns
Execution denied by user. - stdout/stderr are captured to a temporary log file and returned to the agent.
- All temporary files are deleted after each invocation.
macOS — run_as_root
- The agent sends a bash command string.
- The server writes the command to an isolated temporary
.shfile. - A wrapper script shows an osascript dialog with the exact command payload.
- If the user clicks Yes,
sudo -Aruns the payload using a temporarySUDO_ASKPASSscript (osascript hidden-password dialog). - If the user clicks No, execution stops and the tool returns
Execution denied by user. - stdout/stderr are captured to a temporary log file and returned to the agent.
- All temporary files are deleted after each invocation.
The agent cannot bypass approval or elevation on any platform. Use the tool that matches the current OS.
Build and run
npm install
npm run build
npm start
Other scripts:
npm run typecheck— TypeScript check without emitnpm test— run unit tests
Branching and releases
| Branch | Purpose |
|---|---|
develop |
Day-to-day development; open PRs here |
main |
Stable releases only; merge from develop when ready |
Workflow:
- Branch from
developfor features and fixes. - Open pull requests targeting
develop. CI runs on every push and PR. - When ready to ship, merge
developintomain(via PR or fast-forward merge). - Each push to
mainruns the Release workflow: build, test, then create a GitHub release taggedv{version}frompackage.json. - Bump
versioninpackage.jsonbefore merging tomainso each release gets a unique tag. If the tag already exists, the release job skips creation and logs a reminder to bump the version.
To start using develop:
git checkout -b develop
git push -u origin develop
Set develop as the default branch in GitHub repository settings if you want new PRs to target it by default.
Cursor MCP configuration
Add this server in Cursor → Settings → Features → MCP Servers (adjust the path if your clone location differs):
{
"mcpServers": {
"cursor-admin-mcp": {
"command": "node",
"args": ["C:\\dev\\repos\\others\\cursor_admin_mcp\\dist\\index.js"]
}
}
}
On Linux and macOS, use the appropriate absolute path to dist/index.js.
After changing MCP settings, reload MCP servers in Cursor.
Manual smoke test
Windows
- Build the project:
npm run build - Register the MCP server in Cursor using the config above.
- Ask the agent to call
run_as_adminwith:Write-Output "hello" - Confirm the WPF dialog shows the exact command.
- Click Yes, approve UAC, and verify output contains
hello. - Run again and click No — verify the tool returns
Execution denied by user.without a UAC prompt. - Confirm no leftover temp files remain under
%TEMP%.
Linux
- Build the project:
npm run build - Register the MCP server in Cursor.
- Ask the agent to call
run_as_rootwith:echo "hello" - Confirm the zenity dialog shows the exact command.
- Click Yes, enter your sudo password in the zenity prompt, and verify output contains
hello. - Run again and click No — verify the tool returns
Execution denied by user.without a sudo prompt. - Confirm no leftover temp files remain under
/tmp.
macOS
- Build the project:
npm run build - Register the MCP server in Cursor.
- Ask the agent to call
run_as_rootwith:echo "hello" - Confirm the osascript dialog shows the exact command.
- Click Yes, enter your administrator password in the osascript prompt, and verify output contains
hello. - Run again and click No — verify the tool returns
Execution denied by user.without a sudo prompt. - Confirm no leftover temp files remain under
$TMPDIR.
Calling run_as_admin on Linux or macOS, or run_as_root on Windows, returns a clear platform error without elevation.
SDK note
This project uses @modelcontextprotocol/[email protected] (MCP TypeScript SDK v2 alpha). The v2 API may change before stable release.
License
MIT — see LICENSE.
Установка Cursor Admin
У этого сервера нет опубликованного пакета — он собирается из исходников. Открой репозиторий и следуй инструкции в README.
▸ github.com/Jon2G/cursor_admin_mcpFAQ
Cursor Admin MCP бесплатный?
Да, Cursor Admin MCP бесплатный — установка в пару кликов через Unyly без оплаты.
Нужен ли API-ключ для Cursor Admin?
Нет, Cursor Admin работает без API-ключей и переменных окружения.
Cursor Admin — hosted или self-hosted?
Self-hosted: сервер запускается локально на твоей машине командой из раздела установки.
Как установить Cursor Admin в Claude Desktop, Claude Code или Cursor?
Открой Cursor Admin на unyly.org, выбери вкладку своего клиента (Claude Desktop, Claude Code, Cursor) и нажми Install — конфиг сгенерируется автоматически, без правки JSON.
Похожие MCP
GitHub
PRs, issues, code search, CI status
автор: GitHubFilesystem
Secure file operations with configurable access controls.
Memory
Knowledge graph-based persistent memory system.
Template MCP Server
A CLI tool to create a new Model Context Protocol server project with TypeScript support, dual transport options, and an extensible structure
автор: mcpdotdirectCompare Cursor Admin with
Не уверен что выбрать?
Найди свой стек за 60 секунд
Автор?
Embed-бейдж для README
Похожее
Все в категории development
