MCP Shell Server
by MCP-Mirror
The MCP Shell Server is a secure server that allows remote execution of whitelisted shell commands using the Model Context Protocol (MCP). It supports stdin input and provides comprehensive output, including stdout, stderr, exit status, and execution time.
What is MCP Shell Server?
The MCP Shell Server is a server that executes whitelisted shell commands remotely via the Model Context Protocol (MCP). It enhances security by allowing only pre-approved commands and by validating the command that follows each shell operator, preventing shell injection.
How to use MCP Shell Server?
To use the server, first install it using pip install mcp-shell-server. Then, start the server with the ALLOW_COMMANDS environment variable set to a comma-separated list of allowed commands (e.g., ALLOW_COMMANDS="ls,cat,echo" uvx mcp-shell-server). Send requests in JSON format with the command to execute, optional stdin input, working directory, and timeout. The server responds with stdout, stderr, exit status, and execution time.
Key features of MCP Shell Server
Secure Command Execution: Only whitelisted commands can be executed
Standard Input Support: Pass input to commands via stdin
Comprehensive Output: Returns stdout, stderr, exit status, and execution time
Shell Operator Safety: Validates commands after shell operators (;, &&, ||, |)
Timeout Control: Set maximum execution time for commands
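The whitelist and shell-operator checks listed above, sketched as an added example that is not the project's own code. It assumes the command arrives as a list of tokens and is run without a shell; the function names and sample requests are constructed for illustration.

```python
import os

# Operators named on the page; the command after each one is checked again.
SHELL_OPERATORS = {";", "&&", "||", "|"}

def allowed_commands(env=None):
    """Parse ALLOW_COMMANDS (comma-separated) into a set of command names."""
    env = os.environ if env is None else env
    raw = env.get("ALLOW_COMMANDS", "")
    return {name.strip() for name in raw.split(",") if name.strip()}

def split_segments(argv):
    """Split a token list into one segment per command, cutting at operators."""
    segments, current = [], []
    for token in argv:
        if token in SHELL_OPERATORS:
            segments.append(current)
            current = []
        else:
            current.append(token)
    segments.append(current)
    return segments

def validate(argv, allowed):
    """Return (ok, reason). Every segment must start with an allowed command."""
    if not allowed:
        return False, "no commands are allowed (ALLOW_COMMANDS is empty)"
    for segment in split_segments(argv):
        if not segment:
            return False, "empty command before or after a shell operator"
        if segment[0] not in allowed:
            return False, f"command not allowed: {segment[0]}"
    return True, "ok"

# Constructed sample requests (assumed token-list form), not from the project.
ALLOWED = allowed_commands({"ALLOW_COMMANDS": "ls, cat,echo"})
SAMPLES = [
    ["ls", "-l"],                              # single allowed command
    ["cat", "notes.txt", "|", "grep", "key"],  # grep after "|" is not listed
    ["echo", "hi", ";", "rm", "tmp.txt"],      # rm after ";" is not listed
    ["echo", "a;b"],                           # ";" inside an argument is data
    ["ls", "&&"],                              # operator with nothing after it
]

if __name__ == "__main__":
    for argv in SAMPLES:
        print(argv, "->", validate(argv, ALLOWED))
```

The fourth sample passes only because the tokens are handed to the process directly; if the same string were passed to a shell, the `;` would be interpreted and the check would no longer hold.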
Use cases of MCP Shell Server
Executing system commands remotely
Automated script execution
Integrating shell commands into applications
Securely running commands with limited permissions
FAQ from MCP Shell Server
What is the purpose of the ALLOW_COMMANDS environment variable?
It specifies which commands are allowed to be executed by the server.
How do I pass input to a command?
Include the 'stdin' field in the request JSON with the input string.
What security measures are in place?
The server uses command whitelisting, shell operator validation, and direct command execution to prevent shell injection.
How do I set a timeout for a command?
Include the 'timeout' field in the request JSON with the maximum execution time in seconds.
What happens if a command is not allowed?
The server returns an error response with a message indicating that the command is not allowed.