A powershell MCP server that exposes available modules and allows the client to execute powershell scripts and commandlets

I suggest this should be an entirely separate project using the PowerShell SDK to invoke the capabilities. For example AIShell is separate.

Have tools that limit the powershell capabilities to be more secure (specific modules, using c#)

The operating system already provides permissions and access rights and most commands are simply wrappers to the OS API or commands. Reflection can be trivially used to bypass any restriction imposed by PowerShell including AMSI, and of course PowerShell can invoke native commands. Existing PSGallery cmdlets won't change and will have their existing features.

I suggest running such a server in a disposable container or sandbox as a non-administrator user and using Windows permissions or Linux SE to limit access. Unfortunately I have not had success running dotnet applications from a read-only filesystem so not sure if this could be used with PowerShell.

What kind of things do you want to restrict and at what granularity? For example you can already require signed scripts. Do you want to prevent reflection, the ability to run external commands or import modules into the current process? Anything that you configure as a given user can be bypassed by PowerShell running as that same user by simply changing the configuration and running a child copy of PowerShell.

Converting to a discussion since it's not something strictly actionable in this project itself.

Hello. I'd like to introduce an implementation example related to this proposal.

I've developed PowerShell.MCP, an MCP server:
https://github.com/yotsuda/PowerShell.MCP

I'm aware that Microsoft is working on integrating PowerShell with AI through AI Shell as an MCP client. On the other hand, PowerShell.MCP as an MCP server takes a different approach by providing PowerShell capabilities.

This project implements what was proposed in this discussion:

• Execution of PowerShell cmdlets, functions, and scripts in a PS console
• Persistent PowerShell session (preserving current location, variables, functions and imported modules)
• Universal integration with PowerShell modules and CLI tools

As @rhubarb-geek-nz pointed out, this project is implemented as a separate project using the PowerShell SDK.

Regarding Security
Regarding the security concerns raised by @rhubarb-geek-nz, PowerShell.MCP does not implement any special restrictions. It runs with user privileges, following the same security model as normal PowerShell usage. I've been using it almost daily for about six months since the initial release, and have not encountered any practical security issues.

I hope this can be helpful for those with similar needs. Feedback and suggestions are always welcome.