A community-driven registry for the Claude Code ecosystem. Not affiliated with Anthropic.
Are you the author? Sign in to claim
Give hands to AI. MCP server to run shell commands securely, auditably, and on demand.
MCP server that runs shell commands. Your LLM gets a tool; you get control over what runs and how.
Built on mark3labs/mcp-go. Written in Go.
Docker (easiest):
docker run -it --rm -v /tmp/mcp-workspace:/tmp/mcp-workspace sonirico/mcp-shell:latest
From source:
git clone https://github.com/sonirico/mcp-shell && cd mcp-shell
make install
mcp-shell
Security is off by default. To enable it, point to a YAML config:
export MCP_SHELL_SEC_CONFIG_FILE=/path/to/security.yaml
mcp-shell
Secure mode (recommended) — no shell interpretation, executable allowlist only:
security:
enabled: true
use_shell_execution: false
allowed_executables:
- ls
- cat
- grep
- find
- echo
- /usr/bin/git
blocked_patterns: # optional: restrict args on allowed commands
- '(^|\s)remote\s+(-v|--verbose)(\s|$)'
max_execution_time: 30s
max_output_size: 1048576
working_directory: /tmp/mcp-workspace
audit_log: true
Legacy mode — shell execution, allowlist/blocklist by command string (vulnerable to injection if not careful):
security:
enabled: true
use_shell_execution: true
allowed_commands: [ls, cat, grep, echo]
blocked_patterns: ['rm\s+-rf', 'sudo\s+']
max_execution_time: 30s
audit_log: true
Claude Desktop — add to your MCP config:
{
"mcpServers": {
"shell": {
"command": "docker",
"args": ["run", "--rm", "-i", "sonirico/mcp-shell:latest"],
"env": { "MCP_SHELL_LOG_LEVEL": "info" }
}
}
}
For custom config, mount the file and set the env:
{
"command": "docker",
"args": ["run", "--rm", "-i", "-v", "/path/to/security.yaml:/etc/mcp-shell/security.yaml", "-e", "MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/security.yaml", "sonirico/mcp-shell:latest"]
}
| Parameter | Type | Description |
|---|---|---|
command | string | Shell command to run (required) |
base64 | boolean | Encode stdout/stderr as base64 (default: false) |
Response includes status, exit_code, stdout, stderr, command, execution_time, and optional security_info.
| Variable | Description |
|---|---|
MCP_SHELL_SEC_CONFIG_FILE | Path to security YAML |
MCP_SHELL_SERVER_NAME | Server name (default: "mcp-shell 🐚") |
MCP_SHELL_LOG_LEVEL | debug, info, warn, error, fatal |
MCP_SHELL_LOG_FORMAT | json, console |
MCP_SHELL_LOG_OUTPUT | stdout, stderr, file |
make install dev-tools # deps + goimports, golines
make fmt test lint
make docker-build # build image locally
make release # binary + docker image
use_shell_execution: false): Executable allowlist, no shell parsing. Blocks injection.Fork, branch, make fmt test, open a PR.
Run Claude Code as an MCP server so any agent can delegate coding tasks to it
Browser automation using accessibility snapshots instead of screenshots
MCP server integration for DaVinci Resolve Studio
@designcomputerSecure MCP server for MySQL database interaction, queries, and schema management
