MCP.so
登录

MCP Shell Server

@tumf

关于 MCP Shell Server

Secure MCP server for whitelisted shell command execution with stdin, argv pipelines, timeouts, and structured audit logging.

基本信息

分类

开发工具

许可证

MIT

运行时

python

传输方式

stdio

发布者

tumf

配置

使用下面的配置,将此服务器添加到你的 MCP 客户端。

{
  "mcpServers": {
    "mcp-shell-server": {
      "command": "npx",
      "args": [
        "-y",
        "@smithery/cli",
        "install",
        "mcp-shell-server",
        "--client",
        "claude"
      ]
    }
  }
}

工具

未检测到工具

工具是从 README 中自动提取的。维护者可以在 ## Tools 标题下列出工具,即可填充这部分内容。

概览

What is MCP Shell Server?

A secure shell command execution server implementing the Model Context Protocol (MCP). It allows remote execution of a pre‑whitelisted set of shell commands with optional stdin input, designed for controlled, auditable command‑line access from MCP clients.

How to use MCP Shell Server?

Install with pip install mcp-shell-server or automatically via Smithery (npx -y @smithery/cli install mcp-shell-server --client claude). Set the ALLOW_COMMANDS (or ALLOWED_COMMANDS) environment variable with comma‑separated command names, then start the server with ALLOW_COMMANDS="ls,cat,echo" uvx mcp-shell-server. Configure the MCP client (e.g., Claude Desktop) with a JSON entry pointing to this command and any required environment variables.

Key features of MCP Shell Server

  • Argv‑based execution without shell‑string interpretation
  • Standard input support passed to commands via stdin
  • Returns stdout, stderr, exit status, and execution time
  • Safe pipeline support validating argv segments
  • Server‑side default timeout, maximum timeout, and output byte caps
  • Contained redirection restricting <, >, >> to the working directory
  • Minimal child environment; secrets are not inherited by default
  • Structured audit logging with redaction of sensitive values

Use cases of MCP Shell Server

  • Enabling AI assistants to safely run diagnostic commands like ls, grep, or cat
  • Automating file operations with controlled input/output redirection
  • Integrating with MCP clients (e.g., Claude Desktop) for secure shell task execution
  • Auditing all command executions via structured event logs
  • Running whitelisted tools in a containerized or restricted environment

FAQ from MCP Shell Server

What commands can be executed?

Only command names listed in the ALLOW_COMMANDS (or ALLOWED_COMMANDS) environment variable, or matching a full‑match regex from ALLOW_PATTERNS, are allowed. The server also rejects known exec‑capable vectors like find -exec or shell interpreters even if the command name is allowlisted.

How does the server handle environment variables for child processes?

Children receive a minimal environment (only PATH and essential Windows keys by default). Additional variable names can be inherited from the parent or per‑call overrides using MCP_SHELL_CHILD_ENV_ALLOWLIST. Secret‑like names (e.g., containing TOKEN, PASSWORD) are redacted in logs.

What are the execution limits?

The default timeout is 30 seconds, the maximum accepted timeout is 300 seconds, and the output limit per stdout/stderr stream is 1 MiB. Client‑supplied timeouts are clamped to the server maximum; processes exceeding these limits are terminated and reported.

Is the server secure for hostile workloads?

No. It is not an OS‑level sandbox. While it enforces a command allowlist, argument hardening, and environment isolation, allowed binaries can still read accessible files or consume CPU. For untrusted workloads, run the server inside an external container, VM, or OS policy boundary.

What transport does the server use?

The server is designed for stdio transport, as shown by the MCP client configuration examples that run it as a subprocess (e.g., via uvx). It communicates with the MCP client over standard input/output.

评论

开发工具 分类下的更多 MCP 服务器