Command-Line MCP Server
A secure MCP server for executing terminal commands with controlled directory access and command permissions.
Command-Line MCP Server
An MCP server that lets AI assistants run terminal commands safely. Commands are categorized (read/write/system), directories are whitelisted, and dangerous patterns are blocked automatically.
Quick Start
pip install cmd-line-mcp
# Or from source
git clone https://github.com/andresthor/cmd-line-mcp.git
cd cmd-line-mcp
pip install -e .
Run the server:
cmd-line-mcp # default config
cmd-line-mcp --config config.json # custom config
Claude Desktop Setup
Add to ~/Library/Application Support/Claude/claude_desktop_config.json:
{
"mcpServers": {
"cmd-line": {
"command": "/path/to/venv/bin/cmd-line-mcp",
"args": ["--config", "/path/to/config.json"],
"env": {
"CMD_LINE_MCP_SECURITY_REQUIRE_SESSION_ID": "false",
"CMD_LINE_MCP_SECURITY_AUTO_APPROVE_DIRECTORIES_IN_DESKTOP_MODE": "true"
}
}
}
}
Restart Claude Desktop after saving.
[!TIP] Set
require_session_id: falseto prevent approval loops in Claude Desktop.
How It Works
Commands go through a validation pipeline before execution:
- Pattern matching — blocks dangerous constructs (
system(), shell escapes, etc.) - Command classification — each command must be in the read, write, system, or blocked list
- Directory check — target directory must be whitelisted or session-approved
- Approval check — write/system commands require session approval
Pipes, semicolons, and & are supported — each segment is validated independently.
What's Allowed
| Category | Commands | Approval |
|---|---|---|
| Read | ls, cat, grep, find, head, tail, sort, wc, … | Auto |
| Write | cp, mv, rm, mkdir, touch, chmod, awk, sed, … | Required |
| System | ps, ping, curl, ssh, xargs, … | Required |
| Blocked | sudo, bash, sh, python, eval, … | Always denied |
What's Blocked
Shells, scripting interpreters, and known command-execution vectors are blocked — including indirect execution through awk system(), sed /e, find -exec, tar --checkpoint-action, env, and xargs. See docs/SECURITY.md for the full list.
Configuration
The server works out of the box with sensible defaults. Customize via JSON config, environment variables, or .env files:
# Whitelist directories
export CMD_LINE_MCP_SECURITY_WHITELISTED_DIRECTORIES="/projects,/var/data"
# Add commands (merges with defaults)
export CMD_LINE_MCP_COMMANDS_READ="jq,rg"
See docs/CONFIGURATION.md for full configuration reference, MCP tool documentation, and directory security details.
License
MIT
相关服务器
Alpha Vantage MCP Server
赞助Access financial market data: realtime & historical stock, ETF, options, forex, crypto, commodities, fundamentals, technical indicators, & more
FastMCP
A TypeScript framework for building MCP servers with client session handling.
reptor-mcp
An MCP server for Reptor/SysReptor that exposes the reptor CLI tool as a programmable service, configured via environment variables.
CodeToPrompt MCP Server
An MCP server for the codetoprompt library, enabling integration with LLM agents.
APIWeaver
Dynamically creates MCP servers from web API configurations, integrating any REST API, GraphQL endpoint, or web service into MCP-compatible tools.
Read Docs MCP
Enables AI agents to access and understand package documentation from local or remote repositories.
Remote MCP Server on Cloudflare
An MCP server deployable on Cloudflare Workers with OAuth login support.
Pathmode
Build structured intent specs through Socratic AI conversation. Describe a problem or paste a support ticket — Claude challenges vague thinking, asks pointed questions, and builds a structured spec. Exports as intent.md, .cursorrules, or CLAUDE.md.
MCP SysOperator
Manages Infrastructure as Code (IaC) operations using Ansible and Terraform. Requires external tools and manual setup.
Overture
Visual plan approval for AI coding agents. See your agent's plan as an interactive graph, attach context, choose approaches, then approve before any code is written.
mcp-analytics
MCP-native Web analytics. Install one JS snippet, add the connector to Claude/Cursor/ChatGPT, then ask questions about your traffic directly in chat. No dashboard. No charts. Just answers. EU-hosted, GDPR-ready. Free up to 100k hits/month.