MCP Catalogs
mcp-shell

by sonirico · 77 · Score 46

MCP server for secure and auditable shell command execution with configurable security policies.

Tags: developer-tools, security, ops-infra

- Forks: 17
- Open issues: 1
- Last commit: 1 mo ago
- Indexed: 2d ago

Overview

mcp-shell is an MCP server that allows AI models to execute shell commands in a controlled environment. It offers multiple security modes including an allowlist approach that restricts execution to specific executables only, blocking shell interpretation to prevent injection attacks. The server provides audit logging, execution time limits, and output size controls for enhanced security. Built with Go using the mark3labs/mcp-go framework, it can be deployed via Docker or as a standalone binary.

Try asking AI

After installing, here are 6 things you can ask your AI assistant:

- Securely allowing AI agents to execute shell commands in restricted environments
- Auditing and controlling all shell operations performed by AI systems
- Providing a safe interface for file system operations through AI agents
- How secure is mcp-shell?
- Can I restrict which commands can be executed?
- How does it handle command output?

When to choose this

When you need AI agents to safely interact with the local filesystem and system commands with precise control over execution parameters and security boundaries.

When NOT to choose this

If you require complex shell scripting features or need to run commands with full system privileges without security restrictions.

Tools this server exposes

1 tool extracted from the README

- `run_shell_command(command: string, base64?: boolean)`: Execute a shell command with optional base64 encoding of output

Comparable tools

mcp-code-interpreter, filesystem-mcp, mcp-exec

Installation

**Docker (recommended)**:

```
docker run -it --rm -v /tmp/mcp-workspace:/tmp/mcp-workspace sonirico/mcp-shell:latest
```

**From source**:

```
git clone https://github.com/sonirico/mcp-shell && cd mcp-shell
make install
mcp-shell
```

**Claude Desktop Configuration**: Add to your MCP config:

```
{
  "mcpServers": {
    "shell": {
      "command": "docker",
      "args": ["run", "--rm", "-i", "sonirico/mcp-shell:latest"],
      "env": { "MCP_SHELL_LOG_LEVEL": "info" }
    }
  }
}
```

For a custom security policy, mount the security file into the container and point the server at it (this replaces the `"shell"` entry above):

```
{
  "command": "docker",
  "args": ["run", "--rm", "-i", "-v", "/path/to/security.yaml:/etc/mcp-shell/security.yaml", "-e", "MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/security.yaml", "sonirico/mcp-shell:latest"]
}
```

FAQ

**How secure is mcp-shell?**

mcp-shell has multiple security modes. By default, it runs without restrictions. In secure mode, it uses an allowlist of executables and blocks shell interpretation to prevent injection attacks.

**Can I restrict which commands can be executed?**

Yes. In secure mode, you can specify allowed executables in the security config and optionally add blocked patterns to restrict arguments on allowed commands.

**How does it handle command output?**

The server returns command status, exit code, stdout, stderr, execution time, and optional security info. Output can be base64 encoded if needed.

Auto-generated from the public README and GitHub signals.