
AETHER_01
from foursecondfivefour
AETHER_01 is an MCP (Model Context Protocol) server written in Rust that gives AI assistants full control over Windows 10/11 via standard input/output. From process management to GUI automation, from registry to WMI queries โ everything a system administrator needs.
AETHER_01 โ Full-Spectrum Windows Management MCP Server
10 tools. 99% Windows coverage. Zero security compromises.
AETHER_01 is an MCP (Model Context Protocol) server written in Rust that gives AI assistants full control over Windows 10/11 via standard input/output. From process management to GUI automation, from registry to WMI queries โ everything a system administrator needs.
Features
| # | Tool | Actions |
|---|---|---|
| 1 | process_control | list, kill, create, priority, threads, affinity, modules, DLL injection* |
| 2 | file_system | read/write/delete, ACL, symlinks, ADS streams, EFS, volumes, network shares |
| 3 | registry_editor | read/write/delete, all hives, security, monitoring, offline mounting* |
| 4 | service_manager | list, start/stop/restart, config, triggers, drivers |
| 5 | gui_automation | mouse, keyboard, windows, screenshots, clipboard, display, audio |
| 6 | system_info | CPU, memory, disk, OS, power, devices, BIOS, NTP, software, updates, BCD* |
| 7 | network_manager | adapters, connections, DNS, firewall, proxy, routing, WiFi, VPN, Bluetooth |
| 8 | user_management | users, groups, sessions, policies, certificates, credentials, tokens* |
| 9 | security_audit | audit, UAC, Defender, AppLocker, BitLocker, TPM, Secure Boot, exploit protection |
| 10 | system_automation | Event Log, Scheduled Tasks, WMI queries |
* = disabled by default, enabled via .env feature gates.
Feature Gates (.env)
Dangerous operations are disabled by default and enabled by the system administrator:
AETHER_BCD_EDIT=0 # Windows boot configuration editing
AETHER_HAL_CONFIG=0 # HAL and memory dump configuration
AETHER_OFFLINE_REGISTRY=0 # Offline registry hive mounting
AETHER_DLL_INJECT=0 # DLL injection into processes
AETHER_TOKEN_MANIPULATION=0 # Access token manipulation
AETHER_LSA_SECRETS=0 # LSA secret readingSecurity
The only vulnerability is human error. AETHER_01 is a system administrator tool โ like
sudo,regedit, orservices.msc. If you enable all feature gates, disableforcechecks, and blindly execute AI commands โ the server does exactly what you tell it. That's not a bug. That's the nature of an administrative tool. Full threat analysis: SECURITY.md
Threat Model
Your computer (trusted environment)
โ
โโโ Cursor / Claude / VS Code (AI client) โโโ same user, same machine
โ โ
โ โโโ AETHER_01 (stdio subprocess) โ SERVER
โ โ
โ โโโ Windows API (system calls) โ same machine, kernel
โ
โโโ Internet โ AETHER_01 has NO network accessAETHER_01 has no network access. It is a pure stdio process. It does not make HTTP requests, open ports, or listen for connections. All communication is through stdin/stdout with the local AI client.
What the server CANNOT do
| Capability | Status | Reason |
|---|---|---|
| Network connections | Impossible | No HTTP/TCP/UDP code |
| Shell execution | Impossible | Direct Win32 API only, no cmd.exe |
| Remote access | Impossible | stdio only, no HTTP/SSE/TCP |
| Data exfiltration | Impossible | No network path at all |
| Auto-start / persistence | Impossible | No installer, no service, no autorun |
| Auto-update | Impossible | No network request code |
Defense mechanisms
| Mechanism | Protection Level | Description |
|---|---|---|
| Feature Gates | Maximum | BCD Edit, DLL Injection, LSA Secrets, Token Manipulation, Offline Registry, HAL Config โ disabled by default in .env. Operations are unavailable without explicit admin enablement. |
force: true | High | Every dangerous operation requires explicit confirmation in parameters. Without "force": true the server refuses. |
| Input validation | High | Every parameter is validated before Win32 API calls. Invalid types, empty strings, invalid PIDs โ immediate rejection. |
| No shell injection | High | Zero cmd.exe / powershell.exe calls. All operations through direct Win32 API. No command injection path. |
| WMI SELECT only | Medium | WMI queries restricted to SELECT. DELETE/INSERT/UPDATE โ rejected. 30s timeout, 1000 row limit. |
| Path canonicalization | Medium | All file paths go through canonicalize to prevent path traversal. |
| Full audit logging | Medium | Every tool call logged to stderr: tool, action, parameters, result. |
Binary hardening
| Technology | Effect |
|---|---|
Control Flow Guard (/GUARD:CF) | Checks every indirect call โ blocks ROP/JOP attacks |
ASLR (/DYNAMICBASE + /HIGHENTROPYVA) | Random load address โ can't predict code location |
DEP/NX (/NXCOMPAT) | Stack and heap non-executable โ no shellcode injection |
Static CRT (+crt-static) | No external DLL dependency โ can't swap the library |
Fat LTO + codegen-units=1 | Full dead code removal โ smaller attack surface |
| Symbol stripping | No function names in binary โ harder reverse engineering |
| Panic=abort | No unwind tables โ smaller binary, no stack leaks |
Standards compliance
AETHER_01 follows:
- IETF draft: MCP Security Considerations โ all tool parameters treated as untrusted (originate from LLM susceptible to prompt injection)
- OWASP LLM Top 10 โ LLM06 (Excessive Agency) mitigated via
force: true+ feature gates; LLM02 (Insecure Output Handling) mitigated via parameter validation - Anthropic MCP Security Best Practices โ stdio transport (isolated), least privilege via gates, audit logging
Prompt injection resistance
AETHER_01 tool parameters come from an LLM that is susceptible to prompt injection. Therefore:
- Every string parameter is escaped before use in Win32 API
- No eval-like operations โ cannot "execute arbitrary code" through a parameter
- No format strings in Win32 API โ parameters are never interpreted as code
- WMI WQL is escaped โ single quotes in query strings are transformed
- Paths are canonicalized โ
..\..\windows\system32is normalized to a checkable path
Known CVEs and inapplicability
| CVE | Applicable to AETHER? | Why not |
|---|---|---|
| CVE-2025-54136 (MCPoison) | No | AETHER is a native .exe, not via npx/npm. MCP config contains no executable code โ only a binary path. |
| CVE-2025-54135 (CurXecute) | No | AETHER does not process MCP configs from repositories. Config is written once via install.ps1. |
| CVE-2025-64106 (TrustFall) | No | AETHER does not load workspace-level configs. |
| Command Injection | No | AETHER does not use shell. All Win32 API calls with typed parameters. |
Bottom line: if you don't enable feature gates without understanding them, don't disable
forcechecks, and don't run the binary from an untrusted source โ AETHER_01 is safe. Likesudoon Linux: a powerful tool requiring conscious use.
Report a vulnerability
SECURITY.md โ disclosure process, supported versions, supply chain audit.
Performance
opt-level = 3(all LLVM optimizations)lto = true(fat LTO across all crates)codegen-units = 1(full dead code elimination)panic = "abort"(no unwind tables)strip = "symbols"(minimal binary)target-cpu = native(AVX2, BMI2, FMA, POPCNT)
Project Structure
src/
โโโ main.rs # tokio::main, stdio transport
โโโ server.rs # AetherServer + tool_router
โโโ config.rs # FeatureGates from .env
โโโ error.rs # AetherError + FormatMessageW
โโโ audit.rs # Structured audit logging
โโโ tools/
โโโ process.rs # process_control
โโโ filesystem.rs # file_system
โโโ registry.rs # registry_editor
โโโ service.rs # service_manager
โโโ gui.rs # gui_automation
โโโ sysinfo.rs # system_info
โโโ network.rs # network_manager
โโโ user.rs # user_management
โโโ security.rs # security_audit
โโโ automation.rs # system_automationLicense
MIT
npm install -g @foursecondfivefour/aether-mcp-serverBefore it works, you'll need: RUST_LOG
Installation
AETHER_01 provides 5 installation methods โ pick the one that works best for you.
Method 1: npm global install (easiest)
npm install -g @foursecondfivefour/aether-mcp-serverThe postinstall script automatically downloads the latest Windows x64 binary from GitHub Releases and places it in your PATH.
Method 2: One-click PowerShell install
Run this in PowerShell 7+ (Administrator):
irm https://raw.githubusercontent.com/foursecondfivefour/aether-mcp-server/main/install.ps1 | iexThe script automatically:
- Downloads the latest AETHER_01 binary
- Creates
.envwith safe default settings - Registers the server in all detected AI environments: Cursor, Claude Desktop, Windsurf, VS Code, and more
Method 3: One-click editor integration
Click the badge for your editor:
If your browser/GitHub client does not open the Cursor deeplink, copy this link into the address bar:
cursor://anysphere.cursor-deeplink/mcp/install?name=aether-01&config=eyJjb21tYW5kIjoibnB4IiwiYXJncyI6WyIteSIsIkBmb3Vyc2Vjb25kZml2ZWZvdXIvYWV0aGVyLW1jcC1zZXJ2ZXIiXSwiZW52Ijp7IlJVU1RfTE9HIjoiaW5mbyJ9fQ==Method 4: Selective install with install.ps1
# Cursor only
.\install.ps1 -Targets cursor
# Claude Desktop + Windsurf
.\install.ps1 -Targets claude,windsurf
# Custom binary path
.\install.ps1 -BinaryPath target\release\aether-mcp-server.exe
# Specific release version
.\install.ps1 -ReleaseTag v1.0.1Method 5: Build from source
git clone https://github.com/foursecondfivefour/aether-mcp-server
cd aether-mcp-server
Copy-Item .env.example .env
cargo build --release
.\install.ps1 -BinaryPath target\release\aether-mcp-server.exeManual configuration (without install script)
<details> <summary><b>Cursor</b> โ <code>%USERPROFILE%\.cursor\mcp.json</code></summary>{
"mcpServers": {
"aether-01": {
"command": "d:\\path\\to\\aether-mcp-server.exe",
"env": { "RUST_LOG": "info" }
}
}
}{
"mcpServers": {
"aether-01": {
"command": "d:\\path\\to\\aether-mcp-server.exe",
"env": { "RUST_LOG": "info" }
}
}
}{
"mcpServers": {
"aether-01": {
"command": "d:\\path\\to\\aether-mcp-server.exe",
"env": { "RUST_LOG": "info" }
}
}
}{
"mcpServers": {
"aether-01": {
"command": "d:\\path\\to\\aether-mcp-server.exe",
"env": { "RUST_LOG": "info" }
}
}
}After configuring, restart your editor. The MCP panel will show 10 AETHER_01 tools.
No common issues documented yet. If you hit a problem, the repository's GitHub Issues page is the best place to look.
