MCP Shell

Execute secure shell commands from AI assistants and other MCP clients, with configurable security settings.

mcp-shell

MCP server that runs shell commands. Your LLM gets a tool; you get control over what runs and how.

Built on mark3labs/mcp-go. Written in Go.

Run it

Docker (easiest):

docker run -it --rm -v /tmp/mcp-workspace:/tmp/mcp-workspace sonirico/mcp-shell:latest

From source:

git clone https://github.com/sonirico/mcp-shell && cd mcp-shell
make install
mcp-shell

Configure it

Security is off by default. To enable it, point to a YAML config:

export MCP_SHELL_SEC_CONFIG_FILE=/path/to/security.yaml
mcp-shell

Secure mode (recommended) — no shell interpretation, executable allowlist only:

security:
  enabled: true
  use_shell_execution: false
  allowed_executables:
    - ls
    - cat
    - grep
    - find
    - echo
    - /usr/bin/git
  blocked_patterns:          # optional: restrict args on allowed commands
    - '(^|\s)remote\s+(-v|--verbose)(\s|$)'
  max_execution_time: 30s
  max_output_size: 1048576
  working_directory: /tmp/mcp-workspace
  audit_log: true

Legacy mode — shell execution, allowlist/blocklist by command string (vulnerable to injection if not careful):

security:
  enabled: true
  use_shell_execution: true
  allowed_commands: [ls, cat, grep, echo]
  blocked_patterns: ['rm\s+-rf', 'sudo\s+']
  max_execution_time: 30s
  audit_log: true

Wire it up

Claude Desktop — add to your MCP config:

{
  "mcpServers": {
    "shell": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "sonirico/mcp-shell:latest"],
      "env": { "MCP_SHELL_LOG_LEVEL": "info" }
    }
  }
}

For custom config, mount the file and set the env:

{
  "command": "docker",
  "args": ["run", "--rm", "-i", "-v", "/path/to/security.yaml:/etc/mcp-shell/security.yaml", "-e", "MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/security.yaml", "sonirico/mcp-shell:latest"]
}

Tool API

Parameter	Type	Description
`command`	string	Shell command to run (required)
`base64`	boolean	Encode stdout/stderr as base64 (default: false)

Response includes status, exit_code, stdout, stderr, command, execution_time, and optional security_info.

Environment variables

Variable	Description
`MCP_SHELL_SEC_CONFIG_FILE`	Path to security YAML
`MCP_SHELL_SERVER_NAME`	Server name (default: "mcp-shell 🐚")
`MCP_SHELL_LOG_LEVEL`	debug, info, warn, error, fatal
`MCP_SHELL_LOG_FORMAT`	json, console
`MCP_SHELL_LOG_OUTPUT`	stdout, stderr, file

Development

make install dev-tools   # deps + goimports, golines
make fmt test lint
make docker-build       # build image locally
make release            # binary + docker image

Security

Default: No restrictions. Commands run with full access. Fine for local dev; dangerous otherwise.
Secure mode (use_shell_execution: false): Executable allowlist, no shell parsing. Blocks injection.
Docker: Runs as non-root, Alpine-based. Use it in production.

Contributing

Fork, branch, make fmt test, open a PR.

Máy chủ liên quan

Scout Monitoring MCP

nhà tài trợ

Put performance and error data directly in the hands of your AI assistant.

Alpha Vantage MCP Server

nhà tài trợ

Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more

Kubernetes MCP Server

Inspect and debug Kubernetes clusters with read-only access to resources, CRDs, and pod logs.

1MCP

A unified MCP server that aggregates multiple MCP servers into a single endpoint.

Swagger MCP Server

An example MCP server for deployment on Cloudflare Workers without authentication.

Harness

Access and interact with Harness platform data, including pipelines, repositories, logs, and artifact registries.

Replicate Ideogram V3 Balanced

Generate images using the Ideogram V3 Balanced model on Replicate.

Terraform MCP Server by Binadox

MCP server for Terraform — automatically validates, secures, and estimates cloud costs for Terraform configurations. Developed by Binadox, it integrates with any Model Context Protocol (MCP) client (e.g. Claude Desktop or other MCP-compatible AI assistants).

Python Notebook MCP

Enables AI assistants to interact with local Jupyter notebooks (.ipynb).

MCP Bench Router

Claude Code sucks at design. Let it delegate it's tasks to better models. Claude will use the MCP to get leaderboard of best design models and query specific code changes using OpenRouter.

MCP Sandbox

Execute Python code and install packages safely within isolated Docker containers.

CodeVF MCP

CodeVF MCP lets AI hand off problems to real engineers instantly, so your workflows don’t stall when models hit their limits.