MCP Shell Server - Execute shell commands via MCP protocol
Project description
MCP Shell Server
A secure shell command execution server implementing the Model Context Protocol (MCP). This server allows remote execution of whitelisted shell commands with support for stdin input.
Features
- Secure Command Execution: Only whitelisted commands can be executed
- Standard Input Support: Pass input to commands via stdin
- Comprehensive Output: Returns stdout, stderr, exit status, and execution time
- Shell Operator Safety: Validates commands after shell operators (; , &&, ||, |)
- Timeout Control: Set maximum execution time for commands
MCP client setting in your Claude.app
Published version
code ~/Library/Application\ Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"shell": {
"command": "uvx",
"args": [
"mcp-shell-server"
],
"env": {
"ALLOW_COMMANDS": "ls,cat,pwd,grep,wc,touch,find"
}
},
}
}
Local version
Configuration
code ~/Library/Application\ Support/Claude/claude_desktop_config.json
{
"mcpServers": {
"shell": {
"command": "uv",
"args": [
"--directory",
".",
"run",
"mcp-shell-server"
],
"env": {
"ALLOW_COMMANDS": "ls,cat,pwd,grep,wc,touch,find"
}
},
}
}
Installation
Installing via Smithery
To install Shell Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install mcp-shell-server --client claude
Manual Installation
Installing via Smithery
To install Shell Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install mcp-shell-server --client claude
Manual Installation
pip install mcp-shell-server
Installing via Smithery
To install Shell Server for Claude Desktop automatically via Smithery:
npx -y @smithery/cli install mcp-shell-server --client claude
Usage
Starting the Server
ALLOW_COMMANDS="ls,cat,echo" uvx mcp-shell-server
# Or using the alias
ALLOWED_COMMANDS="ls,cat,echo" uvx mcp-shell-server
The ALLOW_COMMANDS (or its alias ALLOWED_COMMANDS ) environment variable specifies which commands are allowed to be executed. Commands can be separated by commas with optional spaces around them.
Valid formats for ALLOW_COMMANDS or ALLOWED_COMMANDS:
ALLOW_COMMANDS="ls,cat,echo" # Basic format
ALLOWED_COMMANDS="ls ,echo, cat" # With spaces (using alias)
ALLOW_COMMANDS="ls, cat , echo" # Multiple spaces
Request Format
# Basic command execution
{
"command": ["ls", "-l", "/tmp"]
}
# Command with stdin input
{
"command": ["cat"],
"stdin": "Hello, World!"
}
# Command with timeout
{
"command": ["long-running-process"],
"timeout": 30 # Maximum execution time in seconds
}
# Command with working directory and timeout
{
"command": ["grep", "-r", "pattern"],
"directory": "/path/to/search",
"timeout": 60
}
Response Format
Successful response:
{
"stdout": "command output",
"stderr": "",
"status": 0,
"execution_time": 0.123
}
Error response:
{
"error": "Command not allowed: rm",
"status": 1,
"stdout": "",
"stderr": "Command not allowed: rm",
"execution_time": 0
}
Security
The server implements several security measures:
- Command Whitelisting: Only explicitly allowed commands can be executed
- Shell Operator Validation: Commands after shell operators (;, &&, ||, |) are also validated against the whitelist
- No Shell Injection: Commands are executed directly without shell interpretation
Development
Setting up Development Environment
- Clone the repository
git clone https://github.com/yourusername/mcp-shell-server.git
cd mcp-shell-server
- Install dependencies including test requirements
pip install -e ".[test]"
Running Tests
pytest
API Reference
Request Arguments
| Field | Type | Required | Description |
|---|---|---|---|
| command | string[] | Yes | Command and its arguments as array elements |
| stdin | string | No | Input to be passed to the command |
| directory | string | No | Working directory for command execution |
| timeout | integer | No | Maximum execution time in seconds |
Response Fields
| Field | Type | Description |
|---|---|---|
| stdout | string | Standard output from the command |
| stderr | string | Standard error output from the command |
| status | integer | Exit status code |
| execution_time | float | Time taken to execute (in seconds) |
| error | string | Error message (only present if failed) |
Requirements
- Python 3.11 or higher
- mcp>=1.1.0
License
MIT License - See LICENSE file for details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file iflow_mcp_mcp_shell_server-0.1.1.tar.gz.
File metadata
- Download URL: iflow_mcp_mcp_shell_server-0.1.1.tar.gz
- Upload date:
- Size: 86.4 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.17
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
359de2447b636c3091e68867a13db98e082270fe7112b991ce87245bb51aee64
|
|
| MD5 |
88cdcb6a59b696cfba7ef237561c70c9
|
|
| BLAKE2b-256 |
d2a0a144964a785e7d3a50ad114a0e2a5897092ebc8eab19de07aff177491d3b
|
File details
Details for the file iflow_mcp_mcp_shell_server-0.1.1-py3-none-any.whl.
File metadata
- Download URL: iflow_mcp_mcp_shell_server-0.1.1-py3-none-any.whl
- Upload date:
- Size: 18.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: uv/0.8.17
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
574def8bd12f510cbe9166c36adee5fa050041489ffd572ca6a7ba74458b9110
|
|
| MD5 |
90c8f1a7232aa67798696fe48d37a79c
|
|
| BLAKE2b-256 |
37b175d86447539fc77b482315e94d9e7b56e4250b57628f9e92ef31d7ad3fbd
|
