MCP.so
ログイン

MCP Shell Server

@tumf

MCP Shell Server について

Secure MCP server for whitelisted shell command execution with stdin, argv pipelines, timeouts, and structured audit logging.

基本情報

カテゴリ

開発者ツール

ライセンス

MIT

ランタイム

python

トランスポート

stdio

公開者

tumf

設定

以下の設定を使って、このサーバーを MCP 対応クライアントに追加してください。

{
  "mcpServers": {
    "mcp-shell-server": {
      "command": "npx",
      "args": [
        "-y",
        "@smithery/cli",
        "install",
        "mcp-shell-server",
        "--client",
        "claude"
      ]
    }
  }
}

ツール

ツールは検出されませんでした

ツールは README から自動的に抽出されます。メンテナーは ## Tools という見出しの下に記載することで、このタブに反映できます。

概要

What is MCP Shell Server?

A secure shell command execution server implementing the Model Context Protocol (MCP). It allows remote execution of a pre‑whitelisted set of shell commands with optional stdin input, designed for controlled, auditable command‑line access from MCP clients.

How to use MCP Shell Server?

Install with pip install mcp-shell-server or automatically via Smithery (npx -y @smithery/cli install mcp-shell-server --client claude). Set the ALLOW_COMMANDS (or ALLOWED_COMMANDS) environment variable with comma‑separated command names, then start the server with ALLOW_COMMANDS="ls,cat,echo" uvx mcp-shell-server. Configure the MCP client (e.g., Claude Desktop) with a JSON entry pointing to this command and any required environment variables.

Key features of MCP Shell Server

  • Argv‑based execution without shell‑string interpretation
  • Standard input support passed to commands via stdin
  • Returns stdout, stderr, exit status, and execution time
  • Safe pipeline support validating argv segments
  • Server‑side default timeout, maximum timeout, and output byte caps
  • Contained redirection restricting <, >, >> to the working directory
  • Minimal child environment; secrets are not inherited by default
  • Structured audit logging with redaction of sensitive values

Use cases of MCP Shell Server

  • Enabling AI assistants to safely run diagnostic commands like ls, grep, or cat
  • Automating file operations with controlled input/output redirection
  • Integrating with MCP clients (e.g., Claude Desktop) for secure shell task execution
  • Auditing all command executions via structured event logs
  • Running whitelisted tools in a containerized or restricted environment

FAQ from MCP Shell Server

What commands can be executed?

Only command names listed in the ALLOW_COMMANDS (or ALLOWED_COMMANDS) environment variable, or matching a full‑match regex from ALLOW_PATTERNS, are allowed. The server also rejects known exec‑capable vectors like find -exec or shell interpreters even if the command name is allowlisted.

How does the server handle environment variables for child processes?

Children receive a minimal environment (only PATH and essential Windows keys by default). Additional variable names can be inherited from the parent or per‑call overrides using MCP_SHELL_CHILD_ENV_ALLOWLIST. Secret‑like names (e.g., containing TOKEN, PASSWORD) are redacted in logs.

What are the execution limits?

The default timeout is 30 seconds, the maximum accepted timeout is 300 seconds, and the output limit per stdout/stderr stream is 1 MiB. Client‑supplied timeouts are clamped to the server maximum; processes exceeding these limits are terminated and reported.

Is the server secure for hostile workloads?

No. It is not an OS‑level sandbox. While it enforces a command allowlist, argument hardening, and environment isolation, allowed binaries can still read accessible files or consume CPU. For untrusted workloads, run the server inside an external container, VM, or OS policy boundary.

What transport does the server use?

The server is designed for stdio transport, as shown by the MCP client configuration examples that run it as a subprocess (e.g., via uvx). It communicates with the MCP client over standard input/output.

コメント

「開発者ツール」の他のコンテンツ