
mcp-shell-server

A secure shell command execution server implementing the Model Context Protocol (MCP)

Publisher: mcp-shell-server
Submitted date: 4/13/2025

Unleashing LLMs: A Deep Dive into the MCP Shell Server for Secure Contextual Command Execution

The Model Context Protocol (MCP) is revolutionizing how Large Language Models (LLMs) interact with the external world. By providing a standardized interface for connecting LLMs to data sources and tools, MCP empowers developers to build more intelligent and context-aware AI applications. The mcp-shell-server is a powerful example of this, offering a secure and controlled way for LLMs to execute shell commands.

Key Features and Benefits

  • Robust Security Model:
    • Command Whitelisting: Only pre-approved commands are allowed, preventing malicious code execution.
    • Shell Operator Validation: Ensures that even commands chained with operators like ;, &&, ||, and | are validated against the whitelist.
    • Shell Injection Prevention: Commands are executed directly, bypassing shell interpretation and eliminating injection vulnerabilities.
  • Comprehensive Command Execution:
    • Standard Input Support: Enables passing data to commands via stdin, allowing for more complex interactions.
    • Detailed Output: Returns stdout, stderr, exit status, and execution time for thorough monitoring and debugging.
    • Timeout Control: Limits the execution time of commands, preventing resource exhaustion and runaway processes.
  • Seamless Integration with MCP: Adheres to the Model Context Protocol, ensuring compatibility with a wide range of LLM applications.

Configuration for Claude.app

To integrate the mcp-shell-server with Claude.app, you'll need to modify the claude_desktop_config.json file. Here's how to configure both published and local versions:

Published Version

  1. Locate the Configuration File:

    code ~/Library/Application\ Support/Claude/claude_desktop_config.json
  2. Add the MCP Server Configuration:

    {
      "mcpServers": {
        "shell": {
          "command": "uvx",
          "args": ["mcp-shell-server"],
          "env": {
            "ALLOW_COMMANDS": "ls,cat,pwd,grep,wc,touch,find"
          }
        }
      }
    }

Local Version

  1. Locate the Configuration File:

    code ~/Library/Application\ Support/Claude/claude_desktop_config.json
  2. Add the MCP Server Configuration:

    {
      "mcpServers": {
        "shell": {
          "command": "uv",
          "args": ["--directory", ".", "run", "mcp-shell-server"],
          "env": {
            "ALLOW_COMMANDS": "ls,cat,pwd,grep,wc,touch,find"
          }
        }
      }
    }
  3. Installation:

    pip install mcp-shell-server

Usage Guide

Starting the Server

The mcp-shell-server is initiated using the uvx command, with the ALLOW_COMMANDS environment variable defining the permitted commands.

ALLOW_COMMANDS="ls,cat,echo" uvx mcp-shell-server

# Or using the alias
ALLOWED_COMMANDS="ls,cat,echo" uvx mcp-shell-server

Important: The ALLOW_COMMANDS (or ALLOWED_COMMANDS) environment variable is crucial for security. It dictates which commands the server is authorized to execute.

Valid Formats:

ALLOW_COMMANDS="ls,cat,echo"        # Basic format
ALLOWED_COMMANDS="ls ,echo, cat"    # With spaces (using alias)
ALLOW_COMMANDS="ls, cat , echo"     # Multiple spaces

Request and Response Formats

The server communicates using JSON-based requests and responses.

Request Examples

# Basic command execution
{
  "command": ["ls", "-l", "/tmp"]
}

# Command with stdin input
{
  "command": ["cat"],
  "stdin": "Hello, World!"
}

# Command with timeout (maximum execution time in seconds)
{
  "command": ["long-running-process"],
  "timeout": 30
}

# Command with working directory and timeout
{
  "command": ["grep", "-r", "pattern"],
  "directory": "/path/to/search",
  "timeout": 60
}

Response Examples

Successful Response:

{
  "stdout": "command output",
  "stderr": "",
  "status": 0,
  "execution_time": 0.123
}

Error Response:

{
  "error": "Command not allowed: rm",
  "status": 1,
  "stdout": "",
  "stderr": "Command not allowed: rm",
  "execution_time": 0
}
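The request and response shapes above, the allowlist formats from the Usage Guide, and the three security properties listed under Key Features (whitelisting, operator validation, execution without a shell) fit together in one small flow. The following is an added Python example written for this page, not code from the mcp-shell-server project: the function names, the `-1` status returned on timeout, and the rule that only the first command of a chain receives the request's stdin are assumptions, and the allowlist and requests at the bottom are constructed sample input.

```python
"""Illustrative model of allowlist -> operator validation -> direct execution.
Added example for this page, not the mcp-shell-server project's own code.
Helper names, the -1 timeout status and the stdin rules for chains are assumptions."""
import os
import subprocess
import time

# Operators that operator validation must look past (the four named on the page).
SHELL_OPERATORS = {";", "&&", "||", "|"}


def parse_allow_commands(value):
    """Accept every documented format: "ls,cat,echo", "ls ,echo, cat", "ls, cat , echo"."""
    return {name.strip() for name in value.split(",") if name.strip()}


def allowed_commands_from_env(environ=None):
    """ALLOW_COMMANDS wins; ALLOWED_COMMANDS is the documented alias."""
    environ = os.environ if environ is None else environ
    raw = environ.get("ALLOW_COMMANDS") or environ.get("ALLOWED_COMMANDS") or ""
    return parse_allow_commands(raw)


def split_segments(argv):
    """["echo", "hi", "|", "cat"] -> [(None, ["echo", "hi"]), ("|", ["cat"])]."""
    segments, current, op = [], [], None
    for token in argv:
        if token in SHELL_OPERATORS:
            segments.append((op, current))
            current, op = [], token
        else:
            current.append(token)
    segments.append((op, current))
    return segments


def validate_command(argv, allowed):
    """Every command, including each one after a shell operator, must be allowlisted."""
    if not argv:
        raise ValueError("Empty command")
    for _, segment in split_segments(argv):
        if not segment:
            raise ValueError("Empty command around shell operator")
        if segment[0] not in allowed:
            raise ValueError(f"Command not allowed: {segment[0]}")


def error_response(message, status=1, execution_time=0):
    """Shape of the page's error response."""
    return {"error": message, "status": status, "stdout": "",
            "stderr": message, "execution_time": execution_time}


def execute(request, allowed):
    """Run one request dict and return the page's success or error response."""
    argv = request.get("command", [])
    try:
        validate_command(argv, allowed)
    except ValueError as exc:
        return error_response(str(exc))

    started = time.monotonic()
    limit = request.get("timeout")  # seconds for the whole request, or None
    outputs, errors, status, skipped = [], [], 0, False
    prev_out = request.get("stdin", "")  # assumption: only the first command sees stdin
    try:
        for op, segment in split_segments(argv):
            if ((op == "&&" and status != 0) or (op == "||" and status == 0)
                    or (op == "|" and skipped)):
                skipped = True  # same short-circuit rules a shell applies
                continue
            skipped = False
            if op == "|":
                outputs.pop()  # piped output is consumed by the next command
            remaining = None if limit is None else limit - (time.monotonic() - started)
            if remaining is not None and remaining <= 0:
                raise subprocess.TimeoutExpired(segment, limit)
            # shell=False: argv goes straight to execve, so "$(...)" or ";" inside an
            # argument is a literal string for the program, never shell syntax.
            proc = subprocess.run(segment, input=prev_out if op in (None, "|") else "",
                                  capture_output=True, text=True, shell=False,
                                  cwd=request.get("directory"), timeout=remaining)
            outputs.append(proc.stdout)
            errors.append(proc.stderr)
            status, prev_out = proc.returncode, proc.stdout
    except subprocess.TimeoutExpired:
        elapsed = round(time.monotonic() - started, 3)
        return error_response(f"Command timed out after {limit} seconds",
                              status=-1, execution_time=elapsed)  # -1 is an assumption
    except (FileNotFoundError, PermissionError, NotADirectoryError) as exc:
        return error_response(str(exc))
    return {"stdout": "".join(outputs), "stderr": "".join(errors), "status": status,
            "execution_time": round(time.monotonic() - started, 3)}


if __name__ == "__main__":
    # Constructed sample: the page's allowlist format with spaces, and a stdin request.
    allowed = parse_allow_commands("ls, cat , echo")
    print(execute({"command": ["cat"], "stdin": "Hello, World!"}, allowed))
    print(execute({"command": ["echo", "a", ";", "rm", "notes.txt"]}, allowed))
```

Two details are worth checking against any real deployment: a chain is rejected as a whole if any segment after an operator is not allowlisted (the second sample request fails on `rm` even though `echo` is allowed), and because nothing is ever handed to a shell, an argument such as `$(id)` reaches `echo` as the literal five characters.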

Development Setup

To contribute to the mcp-shell-server project, follow these steps:

  1. Clone the Repository:

    git clone https://github.com/yourusername/mcp-shell-server.git
    cd mcp-shell-server
  2. Install Dependencies:

    pip install -e ".[test]"
  3. Run Tests:

    pytest

API Reference

Request Arguments

| Field | Type | Required | Description |
|-------|------|----------|-------------|
| stdin | string | No | Input to be passed to the command |
