sonirico/mcp-shell
If you are the rightful owner of mcp-shell and would like to certify it and/or have it hosted online, please leave a comment on the right or send an email to henry@mcphub.com.
The Model Context Protocol (MCP) server, known as `mcp-shell`, acts as a secure bridge between AI systems and shell environments, enabling command execution through a standardized protocol.
The `mcp-shell` is a robust Model Context Protocol server designed to facilitate secure shell command execution for AI assistants and other MCP clients. It serves as a command-line actuator for language models, allowing them to interact with the real world by executing commands. Built on the official MCP SDK for Go, `mcp-shell` is written in Go and integrates seamlessly with `mcp-go`. It provides a minimal, composable, and auditable solution for executing shell commands securely. The server can run isolated via Docker, with plans to support additional jailing mechanisms like `chroot` and namespaces. It emphasizes security with configurable command allowlists, blocklists, and execution constraints, ensuring safe and controlled command execution.
Features
- Security First: Configurable command allowlists, blocklists, and execution constraints ensure secure command execution.
- Docker Ready: Lightweight Alpine-based container provides secure isolation for command execution.
- Structured Responses: Outputs are JSON-formatted, including stdout, stderr, exit codes, and execution metadata.
- Performance Monitoring: Tracks execution time and enforces resource limits for efficient command execution.
- Audit Logging: Maintains a complete audit trail of command executions with structured logging.
Usages
usage with Claude Desktop
{ "mcpServers": { "shell": { "command": "docker", "args": ["run", "--rm", "-i", "mcp-shell:latest"], "env": { "MCP_SHELL_SECURITY_ENABLED": "true", "MCP_SHELL_LOG_LEVEL": "info" } } } }
usage with Production Deployment
bash # Build and install make build sudo make install-bin # Set environment variables for basic config export MCP_SHELL_LOG_LEVEL=info export MCP_SHELL_LOG_FORMAT=json export MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/config.json # Security is configured in the JSON file only # Run service mcp-shell