MCP Shell
Execute secure shell commands from AI assistants and other MCP clients, with configurable security settings.
mcp-shell
MCP server that runs shell commands. Your LLM gets a tool; you get control over what runs and how.
Built on mark3labs/mcp-go. Written in Go.
Run it
Docker (easiest):
docker run -it --rm -v /tmp/mcp-workspace:/tmp/mcp-workspace sonirico/mcp-shell:latest
From source:
git clone https://github.com/sonirico/mcp-shell && cd mcp-shell
make install
mcp-shell
Configure it
Security is off by default. To enable it, point to a YAML config:
export MCP_SHELL_SEC_CONFIG_FILE=/path/to/security.yaml
mcp-shell
Secure mode (recommended) — no shell interpretation, executable allowlist only:
security:
enabled: true
use_shell_execution: false
allowed_executables:
- ls
- cat
- grep
- find
- echo
- /usr/bin/git
blocked_patterns: # optional: restrict args on allowed commands
- '(^|\s)remote\s+(-v|--verbose)(\s|$)'
max_execution_time: 30s
max_output_size: 1048576
working_directory: /tmp/mcp-workspace
audit_log: true
Legacy mode — shell execution, allowlist/blocklist by command string (vulnerable to injection if not careful):
security:
enabled: true
use_shell_execution: true
allowed_commands: [ls, cat, grep, echo]
blocked_patterns: ['rm\s+-rf', 'sudo\s+']
max_execution_time: 30s
audit_log: true
Wire it up
Claude Desktop — add to your MCP config:
{
"mcpServers": {
"shell": {
"command": "docker",
"args": ["run", "--rm", "-i", "sonirico/mcp-shell:latest"],
"env": { "MCP_SHELL_LOG_LEVEL": "info" }
}
}
}
For custom config, mount the file and set the env:
{
"command": "docker",
"args": ["run", "--rm", "-i", "-v", "/path/to/security.yaml:/etc/mcp-shell/security.yaml", "-e", "MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/security.yaml", "sonirico/mcp-shell:latest"]
}
Tool API
| Parameter | Type | Description |
|---|---|---|
command | string | Shell command to run (required) |
base64 | boolean | Encode stdout/stderr as base64 (default: false) |
Response includes status, exit_code, stdout, stderr, command, execution_time, and optional security_info.
Environment variables
| Variable | Description |
|---|---|
MCP_SHELL_SEC_CONFIG_FILE | Path to security YAML |
MCP_SHELL_SERVER_NAME | Server name (default: "mcp-shell 🐚") |
MCP_SHELL_LOG_LEVEL | debug, info, warn, error, fatal |
MCP_SHELL_LOG_FORMAT | json, console |
MCP_SHELL_LOG_OUTPUT | stdout, stderr, file |
Development
make install dev-tools # deps + goimports, golines
make fmt test lint
make docker-build # build image locally
make release # binary + docker image
Security
- Default: No restrictions. Commands run with full access. Fine for local dev; dangerous otherwise.
- Secure mode (
use_shell_execution: false): Executable allowlist, no shell parsing. Blocks injection. - Docker: Runs as non-root, Alpine-based. Use it in production.
Contributing
Fork, branch, make fmt test, open a PR.
Похожие серверы
Scout Monitoring MCP
спонсорPut performance and error data directly in the hands of your AI assistant.
Alpha Vantage MCP Server
спонсорAccess financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
NestJS MCP Server Module
A NestJS module for building MCP servers to expose tools and resources for AI, with support for multiple transport types.
FLUX Image Generator
Generate images using Black Forest Lab's FLUX model.
Kirby MCP
CLI-first MCP server for composer-based Kirby CMS projects—inspect blueprints/templates/plugins, interact with a real Kirby runtime, and use a bundled Kirby knowledge base.
Jakarta Migration MCP
Specialized tools for analyzing and migrating Java applications from Java EE 8 (javax.*) to Jakarta EE 9+ (jakarta.*).
Grantex MCP
13-tool MCP server for AI agent authorization. Manage agents, grants, tokens, and audit logs from Claude Desktop, Cursor, or Windsurf. Plus @grantex/mcp-auth for adding OAuth
LambdaTest MCP Server
LambdaTest MCP Servers ranging from Accessibility, SmartUI, Automation, and HyperExecute allows you to connect AI assistants with your testing workflow, streamlining setup, analyzing failures, and generating fixes to speed up testing and improve efficiency.
GitLab MR & Confluence Linker
Analyzes GitLab merge requests and links them to Confluence documentation.
Lisply-MCP
A Node.js middleware that allows AI agents to interact with Lisp-based systems using the Lisply protocol.
cli-mcp
A command-line interface (CLI) client for calling tools from local and remote MCP servers.
Glif
Run AI workflows from glif.app using the Glif MCP server.