Skip to content

knewstimek/agent-tool

v0.7.11 Security

This release includes 1 security fix for security teams reviewing exposed deployments.

Published 2mo MCP Developer Tools
✓ No known CVEs patched
Read the diff → Tool health → What is this tool? →
This release patches 1 known CVE

Topics

ai-coding automation claude-code cli codex cross-platform
+13 more
cursor developer-tools dns encoding file-tools go mcp mcp-server mysql redis sftp ssh tls

Summary

AI summary

Clipboard image reading added for Windows clipboard via wintool and read tool now returns images as MCP ImageContent.

Full changelog

Quick Start

  1. Download the binary for your OS below
  2. Run agent-tool install (or agent-tool install claude)
  3. Restart your IDE
  4. Done - all tools work immediately, no permission popups

Or just ask your AI agent:

"Download agent-tool from https://github.com/knewstimek/agent-tool/releases/latest and run agent-tool install"

Any capable AI coding agent (Claude Code, Codex, etc.) can handle the full download -> install -> restart flow automatically.

Tip: Add this to your CLAUDE.md or AGENTS.md so your agent prefers agent-tool over built-in tools:

Strict mode:

ALWAYS use agent-tool MCP tools (mcp__agent-tool__*) instead of built-in file tools. agent-tool preserves file encoding and respects .editorconfig indentation settings.

Soft mode:

Prefer agent-tool MCP tools (mcp__agent-tool__*) over built-in file tools when available.

What's New in v0.7.11

Clipboard image reading (wintool)

  • New clipboard operation reads images from the Windows clipboard
  • Supports 24-bit and 32-bit DIBs (BI_RGB and BI_BITFIELDS)
  • Use after Win+Shift+S or any image copy

ImageContent for screenshot/clipboard

  • screenshot and clipboard now return MCP ImageContent (base64 PNG) by default
  • AI agents can "see" the image directly in a single call - no temp file needed
  • Use save_path="temp" for auto temp file, or save_path="/path/to/file.png" for specific path

Image support in read tool

  • read now detects image files by extension (PNG, JPG, GIF, BMP, WebP, TIFF, ICO)
  • Image files are returned as MCP ImageContent (base64) instead of garbled text
  • SVG files returned as text (XML-based)
  • Temp files from screenshot/clipboard can now be viewed with read

Security

  • save_path validated with CheckDangerousPath + CheckWindowsReserved (same as delete/rename/mkdir)
  • Blocks system path writes, Windows reserved device names, and path traversal

Security Fixes

  • `save_path` validation added using `CheckDangerousPath` + `CheckWindowsReserved` to block system path writes, Windows reserved device names, and path traversal.
View diff on GitHub

Weekly OSS security release digest.

The CVE patches and breaking changes that affected production tools this week. One email, every Sunday.

No spam, unsubscribe anytime.

Share this release

Share on X Share on Bluesky

Track knewstimek/agent-tool

Get notified when new releases ship.

Sign up free

About knewstimek/agent-tool

Encoding-aware, indentation-smart file tools for AI coding agents. 20+ tools including read/edit with automatic encoding detection, smart indentation conversion, SSH, SFTP, process management, and system utilities. Preserves file encoding (UTF-8, EUC-KR, Shift_JIS, etc.) and respects .editorconfig settings.

All releases →

Related context

Beta — feedback welcome: [email protected]