MCP.so
Sign In
Servers

CLI MCP Server

@MladenSU

Command line interface for MCP clients with secure execution and customizable security policies

Overview

What is CLI MCP Server?

A secure Model Context Protocol (MCP) server that enables controlled command-line execution with robust security measures including command whitelisting, path validation, and execution controls. It is designed to provide safe CLI access for LLM applications while maintaining security.

How to use CLI MCP Server?

Install via Smithery (npx @smithery/cli install cli-mcp-server --client claude) or manually with uv/uvx. Configure required environment variable ALLOWED_DIR; optional variables set allowed commands/flags, timeouts, and shell operator behaviour. Add the server to Claude Desktop’s claude_desktop_config.json. The server exposes two tools: run_command and show_security_rules.

Key features of CLI MCP Server

  • Secure command execution with strict validation
  • Configurable command and flag whitelisting with 'all' option
  • Path traversal prevention and validation
  • Shell operator injection protection (opt‑in)
  • Execution timeouts and command length limits
  • Async operation support
  • Working directory restriction and validation

Use cases of CLI MCP Server

  • Provide controlled CLI access from AI assistant applications
  • Execute whitelisted system commands safely within a confined directory
  • Allow LLMs to run commands like ls, cat, pwd, echo without full shell access

FAQ from CLI MCP Server

What tools does CLI MCP Server provide?

Two tools: run_command to execute whitelisted commands, and show_security_rules to display current security configuration and restrictions.

What configuration is required?

ALLOWED_DIR is required. Default values: ALLOWED_COMMANDS=ls,cat,pwd, ALLOWED_FLAGS=-l,-a,--help, MAX_COMMAND_LENGTH=1024, COMMAND_TIMEOUT=30, ALLOW_SHELL_OPERATORS=false.

How does command whitelisting work?

Set ALLOWED_COMMANDS and ALLOWED_FLAGS to a comma‑separated list of allowed commands/flags, or to 'all' to allow any command/flags.

What security measures are implemented?

Command whitelist enforcement, flag validation, path traversal prevention, shell operator blocking (can be enabled), command length limits, execution timeouts, working directory restrictions, and symlink resolution/validation.

How can I install CLI MCP Server for Claude Desktop?

Via Smithery: npx @smithery/cli install cli-mcp-server --client claude. Alternatively, manually add the server configuration with uv or uvx in claude_desktop_config.json.

More from Developer Tools