mcp-shell by sonirico - MCP Server

The `mcp-shell` is a robust Model Context Protocol server designed to facilitate secure shell command execution for AI assistants and other MCP clients. It serves as a command-line actuator for language models, allowing them to interact with the real world by executing commands. Built on the official MCP SDK for Go, `mcp-shell` is written in Go and integrates seamlessly with `mcp-go`. It provides a minimal, composable, and auditable solution for executing shell commands securely. The server can run isolated via Docker, with plans to support additional jailing mechanisms like `chroot` and namespaces. It emphasizes security with configurable command allowlists, blocklists, and execution constraints, ensuring safe and controlled command execution.

Features

Security First: Configurable command allowlists, blocklists, and execution constraints ensure secure command execution.
Docker Ready: Lightweight Alpine-based container provides secure isolation for command execution.
Structured Responses: Outputs are JSON-formatted, including stdout, stderr, exit codes, and execution metadata.
Performance Monitoring: Tracks execution time and enforces resource limits for efficient command execution.
Audit Logging: Maintains a complete audit trail of command executions with structured logging.

Usages

usage with Claude Desktop

{
  "mcpServers": {
    "shell": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "mcp-shell:latest"],
      "env": {
        "MCP_SHELL_SECURITY_ENABLED": "true",
        "MCP_SHELL_LOG_LEVEL": "info"
      }
    }
  }
}

usage with Production Deployment

bash
# Build and install
make build
sudo make install-bin

# Set environment variables for basic config
export MCP_SHELL_LOG_LEVEL=info
export MCP_SHELL_LOG_FORMAT=json
export MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/config.json

# Security is configured in the JSON file only
# Run service
mcp-shell