MCP Shell Server
A secure shell command execution server implementing the Model Context Protocol (MCP). This server allows remote execution of whitelisted shell commands with support for stdin input.
Features
- Secure Command Execution: Only whitelisted commands can be executed
- Standard Input Support: Pass input to commands via stdin
- Comprehensive Output: Returns stdout, stderr, exit status, and execution time
- Shell Operator Safety: Validates commands after shell operators (; , &&, ||, |)
- Timeout Control: Set maximum execution time for commands
Usage
To start the server, set the ALLOW_COMMANDS environment variable with a comma-separated list of allowed commands:
ALLOW_COMMANDS="ls,cat,echo" uvx mcp-shell-serverAPI Reference
The server accepts JSON payloads to execute commands. Here's an example request format:
{
"command": ["ls", "-l", "/tmp"],
"stdin": "Input for command",
"directory": "/path/to/execute",
"timeout": 30
}And a sample successful response:
{
"stdout": "command output",
"stderr": "",
"status": 0,
"execution_time": 0.123
}Security
The server implements several security measures:
- Command Whitelisting: Only explicitly allowed commands can be executed
- Shell Operator Validation: Commands after shell operators are also validated
- No Shell Injection: Commands are executed directly without shell interpretation
