Happy slice of mcp pizzaMCP.pizza
Fire in da houseTop Tip:Paying $100+ per month for Perplexity, MidJourney, Runway, ChatGPT and other tools is crazy - get all your AI tools in one site starting at $15 per month with Galaxy AI Fire in da houseCheck it out free

mcp-shell

MCP.Pizza Chef: hdresearch

mcp-shell is a Node.js MCP server that provides secure shell command execution capabilities for AI models, integrating seamlessly with Claude Desktop. It enforces security through command blacklisting, command existence validation, and controlled standard I/O transport. Designed for safe, controlled interaction with the system shell, it supports error handling and graceful shutdown, making it ideal for AI-driven workflows requiring shell access while maintaining strict security protocols.

Use This MCP server To

Execute shell commands securely from AI models Integrate shell access into Claude Desktop workflows Validate and blacklist unsafe shell commands Enable AI-driven system automation via shell Provide controlled shell environment for AI agents

README

Shell MCP Server

A Node.js implementation of the Model Context Protocol (MCP) that provides secure shell command execution capabilities. This server allows AI models to execute shell commands in a controlled environment with built-in security measures. Easily integrates with Claude Desktop for connecting Claude with your shell.

Features

  • MCP-compliant server implementation
  • Secure command execution with blacklist protection
  • Command existence validation
  • Standard I/O based transport
  • Error handling and graceful shutdown

Installation

Run npx mcp-shell.

To add it to Claude Desktop, run npx mcp-shell config. Or add npx -y mcp-shell to your config manually.

Start (or restart) Claude Desktop and you should see the MCP tool listed on the landing page.

Security Features

The server implements several security measures:

  1. Command Blacklisting

    • Prevents execution of dangerous system commands
    • Blocks access to critical system modifications
    • Protects against file system destruction
    • Prevents privilege escalation

  2. Command Validation

    • Verifies command existence before execution
    • Validates against the blacklist
    • Returns clear error messages for invalid commands

Available Tools

The server provides one tool:

run_command

Executes a shell command and returns its output.

Input Schema:

{
  "type": "object",
  "properties": {
    "command": { "type": "string" }
  }
}

Response:

  • Success: Command output as plain text
  • Error: Error message as plain text

Blacklisted Commands

The following command categories are blocked for security:

  • File System Destruction Commands (rm, rmdir, del)
  • Disk/Filesystem Commands (format, mkfs, dd)
  • Permission/Ownership Commands (chmod, chown)
  • Privilege Escalation Commands (sudo, su)
  • Code Execution Commands (exec, eval)
  • System Communication Commands (write, wall)
  • System Control Commands (shutdown, reboot, init)

Error Handling

The server includes comprehensive error handling:

  • Command not found errors
  • Blacklisted command errors
  • Execution errors
  • MCP protocol errors
  • Graceful shutdown on SIGINT

Implementation Details

The server is built using:

  • Model Context Protocol SDK
  • StdioServerTransport for communication
  • execa for command execution
  • command-exists for command validation

Development

To modify the security settings, you can:

  1. Edit the BLACKLISTED_COMMANDS set to adjust blocked commands
  2. Modify the validateCommand function to add additional validation rules
  3. Enhance the command parsing logic in the CallToolRequestSchema handler

mcp-shell FAQ

How do I install mcp-shell?
You can install mcp-shell by running `npx mcp-shell`. To configure it with Claude Desktop, run `npx mcp-shell config` or add `npx -y mcp-shell` to your Claude Desktop config.
How does mcp-shell ensure command execution security?
mcp-shell uses command blacklisting to prevent dangerous commands, validates command existence before execution, and runs commands in a controlled environment to maintain security.
Can mcp-shell handle errors during command execution?
Yes, mcp-shell includes error handling mechanisms and supports graceful shutdown to ensure stable operation even when errors occur.
Is mcp-shell compatible with other MCP hosts besides Claude Desktop?
While primarily designed for Claude Desktop integration, mcp-shell follows the MCP protocol and can be adapted for use with other MCP-compliant hosts.
What transport method does mcp-shell use for communication?
mcp-shell uses standard input/output (stdio) based transport for communication between the MCP client and server.
Can I customize the blacklist of commands in mcp-shell?
Yes, the blacklist is configurable, allowing you to tailor which commands are blocked to fit your security requirements.
Does mcp-shell support multi-platform environments?
As a Node.js application, mcp-shell can run on any platform supporting Node.js, making it versatile for different operating systems.
How do I integrate mcp-shell with Claude Desktop?
After installation, run `npx mcp-shell config` to add it to Claude Desktop. Restart Claude Desktop, and the MCP tool will appear on the landing page.