MCP Shell
Execute secure shell commands from AI assistants and other MCP clients, with configurable security settings.
mcp-shell
MCP server that runs shell commands. Your LLM gets a tool; you get control over what runs and how.
Built on mark3labs/mcp-go. Written in Go.
Run it
Docker (easiest):
docker run -it --rm -v /tmp/mcp-workspace:/tmp/mcp-workspace sonirico/mcp-shell:latest
From source:
git clone https://github.com/sonirico/mcp-shell && cd mcp-shell
make install
mcp-shell
Configure it
Security is off by default. To enable it, point to a YAML config:
export MCP_SHELL_SEC_CONFIG_FILE=/path/to/security.yaml
mcp-shell
Secure mode (recommended) — no shell interpretation, executable allowlist only:
security:
enabled: true
use_shell_execution: false
allowed_executables:
- ls
- cat
- grep
- find
- echo
- /usr/bin/git
blocked_patterns: # optional: restrict args on allowed commands
- '(^|\s)remote\s+(-v|--verbose)(\s|$)'
max_execution_time: 30s
max_output_size: 1048576
working_directory: /tmp/mcp-workspace
audit_log: true
Legacy mode — shell execution, allowlist/blocklist by command string (vulnerable to injection if not careful):
security:
enabled: true
use_shell_execution: true
allowed_commands: [ls, cat, grep, echo]
blocked_patterns: ['rm\s+-rf', 'sudo\s+']
max_execution_time: 30s
audit_log: true
Wire it up
Claude Desktop — add to your MCP config:
{
"mcpServers": {
"shell": {
"command": "docker",
"args": ["run", "--rm", "-i", "sonirico/mcp-shell:latest"],
"env": { "MCP_SHELL_LOG_LEVEL": "info" }
}
}
}
For custom config, mount the file and set the env:
{
"command": "docker",
"args": ["run", "--rm", "-i", "-v", "/path/to/security.yaml:/etc/mcp-shell/security.yaml", "-e", "MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/security.yaml", "sonirico/mcp-shell:latest"]
}
Tool API
| Parameter | Type | Description |
|---|---|---|
command | string | Shell command to run (required) |
base64 | boolean | Encode stdout/stderr as base64 (default: false) |
Response includes status, exit_code, stdout, stderr, command, execution_time, and optional security_info.
Environment variables
| Variable | Description |
|---|---|
MCP_SHELL_SEC_CONFIG_FILE | Path to security YAML |
MCP_SHELL_SERVER_NAME | Server name (default: "mcp-shell 🐚") |
MCP_SHELL_LOG_LEVEL | debug, info, warn, error, fatal |
MCP_SHELL_LOG_FORMAT | json, console |
MCP_SHELL_LOG_OUTPUT | stdout, stderr, file |
Development
make install dev-tools # deps + goimports, golines
make fmt test lint
make docker-build # build image locally
make release # binary + docker image
Security
- Default: No restrictions. Commands run with full access. Fine for local dev; dangerous otherwise.
- Secure mode (
use_shell_execution: false): Executable allowlist, no shell parsing. Blocks injection. - Docker: Runs as non-root, Alpine-based. Use it in production.
Contributing
Fork, branch, make fmt test, open a PR.
관련 서버
Alpha Vantage MCP Server
스폰서Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
Bloomfilter
Let AI agents search, register, and manage domains via API
Autodocument
Automatically generates documentation for code repositories by analyzing directory structures and code files using the OpenRouter API.
Debugg AI
Enable your code gen agents to create & run 0-config end-to-end tests against new code changes in remote browsers via the Debugg AI testing platform.
FeedOracle Macro Intelligence
Deterministic macro regime engine for AI trading agents — RISK_ON / NEUTRAL / RISK_OFF / STRESS with transparent scoring rules.
DALL-E Image Generator
Generate images using OpenAI's DALL-E API.
Rails MCP Server
An MCP server for Rails projects, allowing LLMs to interact with your application.
MCP Streamable HTTP Python Server
A Python template for creating a streamable HTTP MCP server. Requires an external 'mcp-config.json' file for client setup.
NativeWind
Transform Tailwind components to NativeWind 4.
Claude MCP Tools
An MCP server ecosystem for integrating with Anthropic's Claude Desktop and Claude Code CLI.
Remote MCP Server (Authless)
An example of a remote MCP server deployable on Cloudflare Workers without authentication.