MCP Shell Server

MCP Shell Server

A secure shell command execution server implementing the Model Context Protocol (MCP). This server allows remote execution of whitelisted shell commands with support for stdin input.

Features

• Secure Command Execution: Only whitelisted commands can be executed
• Standard Input Support: Pass input to commands via stdin
• Comprehensive Output: Returns stdout, stderr, exit status, and execution time
• Shell Operator Safety: Validates commands after shell operators (; , &&, ||, |)
• Timeout Control: Set maximum execution time for commands

Usage

To start the server, set the ALLOW_COMMANDS environment variable with a comma-separated list of allowed commands:

ALLOW_COMMANDS="ls,cat,echo" uvx mcp-shell-server

API Reference

The server accepts JSON payloads to execute commands. Here's an example request format:

{
    "command": ["ls", "-l", "/tmp"],
    "stdin": "Input for command",
    "directory": "/path/to/execute",
    "timeout": 30
}

And a sample successful response:

{
    "stdout": "command output",
    "stderr": "",
    "status": 0,
    "execution_time": 0.123
}

Security

The server implements several security measures:

1. Command Whitelisting: Only explicitly allowed commands can be executed
2. Shell Operator Validation: Commands after shell operators are also validated
3. No Shell Injection: Commands are executed directly without shell interpretation