Open source

NullOut remove the unremovable.

MCP server that finds and safely removes undeletable files on Windows — reserved device names, trailing dots, overlong paths.

Get started Learn more

Install

pip install nullout-mcp

Configure

set NULLOUT_ROOTS=C:\Users\me\Downloads

Run

nullout-mcp

Features

Safe filesystem cleanup for Windows edge cases.

Scan

Detect reserved device names (CON, PRN, NUL, COM1-COM9), trailing dots/spaces, and overlong paths across allowlisted directories.

Plan

Generate HMAC-signed confirmation tokens bound to file identity (volume serial + file ID) with automatic TOCTOU protection.

Delete

Remove hazardous entries via the \\?\ extended path namespace. Files only — empty directories only. No raw paths accepted.

MCP Tools

7 tools — 6 read-only, 1 destructive.

Tool

Type

Purpose

list_allowed_roots

read-only

Show configured scan roots

scan_reserved_names

read-only

Find hazardous entries in a root

get_finding

read-only

Get full details for a finding

plan_cleanup

read-only

Generate deletion plan with confirmation tokens

delete_entry

destructive

Delete a file or empty directory (requires token)

who_is_using

read-only

Identify processes locking a file (Restart Manager)

get_server_info

read-only

Server metadata, policies, and capabilities

Usage

Install

pip install nullout-mcp

Configure

# Set allowlisted scan roots
set NULLOUT_ROOTS=C:\Users\me\Downloads;C:\temp\cleanup

# Token signing secret
set NULLOUT_TOKEN_SECRET=your-random-secret-here

Safety Model

Defense in depth for filesystem operations.

Root Confinement

All operations confined to directories you explicitly allowlist via NULLOUT_ROOTS. Path traversal attempts are resolved and rejected.

Reparse Deny-All

Junctions, symlinks, and mount points are detected and never traversed or deleted.

Identity Binding

Confirmation tokens are HMAC-SHA256 signed and bound to volume serial + file ID. Any change between scan and delete is rejected.