mcp-shell

sonirico/mcp-shell

3.4

If you are the rightful owner of mcp-shell and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.

The Model Context Protocol (MCP) server, known as `mcp-shell`, acts as a secure bridge between AI systems and shell environments, enabling command execution through a standardized protocol.

The `mcp-shell` is a robust Model Context Protocol server designed to facilitate secure shell command execution for AI assistants and other MCP clients. It serves as a command-line actuator for language models, allowing them to interact with the real world by executing commands. Built on the official MCP SDK for Go, `mcp-shell` is written in Go and integrates seamlessly with `mcp-go`. It provides a minimal, composable, and auditable solution for executing shell commands securely. The server can run isolated via Docker, with plans to support additional jailing mechanisms like `chroot` and namespaces. It emphasizes security with configurable command allowlists, blocklists, and execution constraints, ensuring safe and controlled command execution.

Features

  • Security First: Configurable command allowlists, blocklists, and execution constraints ensure secure command execution.
  • Docker Ready: Lightweight Alpine-based container provides secure isolation for command execution.
  • Structured Responses: Outputs are JSON-formatted, including stdout, stderr, exit codes, and execution metadata.
  • Performance Monitoring: Tracks execution time and enforces resource limits for efficient command execution.
  • Audit Logging: Maintains a complete audit trail of command executions with structured logging.

Usages

usage with Claude Desktop

{
  "mcpServers": {
    "shell": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "mcp-shell:latest"],
      "env": {
        "MCP_SHELL_SECURITY_ENABLED": "true",
        "MCP_SHELL_LOG_LEVEL": "info"
      }
    }
  }
}

usage with Production Deployment

bash
# Build and install
make build
sudo make install-bin

# Set environment variables for basic config
export MCP_SHELL_LOG_LEVEL=info
export MCP_SHELL_LOG_FORMAT=json
export MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/config.json

# Security is configured in the JSON file only
# Run service
mcp-shell