A robust Model Context Protocol (MCP) server that provides secure shell command execution capabilities to AI assistants and other MCP clients. In other words: the brain thinks, this runs the commands. This tool creates a bridge between AI systems and your shell environment through the standardized MCP protocol. It exposes the system shell as a structured tool, enabling autonomous workflows, tool-a
Add this skill
npx mdskills install sonirico/mcp-shellWell-documented shell execution MCP server with strong security features and clear setup instructions
A robust Model Context Protocol (MCP) server that provides secure shell command execution capabilities to AI assistants and other MCP clients. In other words: the brain thinks, this runs the commands.
๐ง ๐ฅ๐ฅ๏ธ Think of
mcp-shellas the command-line actuator for your LLM. While language models reason about the world,mcp-shellis what lets them touch it.
This tool creates a bridge between AI systems and your shell environment through the standardized MCP protocol. It exposes the system shell as a structured tool, enabling autonomous workflows, tool-assisted reasoning, and real-world problem solving.
Built on top of the official MCP SDK for Go: mark3labs/mcp-go.
It's written in Go, integrates directly with mcp-go, and provides a clean path from thought to execution. I'm aware similar projects exist โ this one's mine. It solves the problem the way I want it solved: minimal, composable, auditable.
Out of the box it runs isolated via Docker, but that's just a start. The roadmap includes support for optional jailing mechanisms like chroot, namespaces, and syscall-level confinement โ without depending on Docker for everything.
git clone https://github.com/sonirico/mcp-shell
cd mcp-shell
make install
# Run with default configuration (if installed system-wide)
mcp-shell
# Or run locally
make run
# Run with security enabled (creates temporary config)
make run-secure
# Run with custom config file
MCP_SHELL_SEC_CONFIG_FILE=security.json mcp-shell
# Run with environment overrides
MCP_SHELL_LOG_LEVEL=debug mcp-shell
# Build Docker image
make docker-build
# Run in secure container
make docker-run-secure
# Run with shell access for debugging
make docker-shell
Basic server and logging configuration via environment variables:
MCP_SHELL_SERVER_NAME: Server name (default: "mcp-shell ๐")MCP_SHELL_VERSION: Server version (set at compile time)MCP_SHELL_LOG_LEVEL: Log level (debug, info, warn, error, fatal)MCP_SHELL_LOG_FORMAT: Log format (json, console)MCP_SHELL_LOG_OUTPUT: Log output (stdout, stderr, file)MCP_SHELL_SEC_CONFIG_FILE: Path to YAML configuration fileSecurity settings are configured exclusively via YAML configuration file:
export MCP_SHELL_SEC_CONFIG_FILE=security.yaml
Example security configuration file:
security:
enabled: true
allowed_commands:
- ls
- cat
- grep
- find
- echo
blocked_commands:
- rm -rf
- sudo
- chmod
blocked_patterns:
- 'rm\s+.*-rf.*'
- 'sudo\s+.*'
max_execution_time: 30s
working_directory: /tmp/mcp-workspace
max_output_size: 1048576
audit_log: true
command (string, required): Shell command to executebase64 (boolean, optional): Return stdout/stderr as base64-encoded strings{
"status": "success|error",
"exit_code": 0,
"stdout": "command output",
"stderr": "error output",
"command": "executed command",
"execution_time": "100ms",
"security_info": {
"security_enabled": true,
"working_dir": "/tmp/mcp-workspace",
"timeout_applied": true
}
}
{
"mcpServers": {
"shell": {
"command": "docker",
"args": ["run", "--rm", "-i", "mcp-shell:latest"],
"env": {
"MCP_SHELL_SECURITY_ENABLED": "true",
"MCP_SHELL_LOG_LEVEL": "info"
}
}
}
}
# Build and install
make build
sudo make install-bin
# Set environment variables for basic config
export MCP_SHELL_LOG_LEVEL=info
export MCP_SHELL_LOG_FORMAT=json
export MCP_SHELL_SEC_CONFIG_FILE=/etc/mcp-shell/config.json
# Security is configured in the JSON file only
# Run service
mcp-shell
# Install dependencies and dev tools
make install dev-tools
# Format code
make fmt
# Run tests
make test
# Run linter
make lint
# Build for release
make release
# Generate config example
make config-example
Create security.yaml:
security:
enabled: true
allowed_commands:
- ls
- cat
- head
- tail
- grep
- find
- wc
- sort
- uniq
blocked_patterns:
- 'rm\s+.*-rf.*'
- 'sudo\s+.*'
- 'chmod\s+(777|666)'
- '>/dev/'
- 'curl.*\|.*sh'
max_execution_time: 10s
working_directory: /tmp/mcp-workspace
max_output_size: 524288
audit_log: true
Set environment:
export MCP_SHELL_SEC_CONFIG_FILE=security.yaml
export MCP_SHELL_LOG_LEVEL=info
export MCP_SHELL_LOG_FORMAT=json
git checkout -b feature/amazing-feature)git commit -m 'Add amazing feature')git push origin feature/amazing-feature)Ensure code is formatted (make fmt) and passes tests (make test).
MIT License - See LICENSE file for details.
Install via CLI
npx mdskills install sonirico/mcp-shellmcp-shell ๐ is a free, open-source AI agent skill. A robust Model Context Protocol (MCP) server that provides secure shell command execution capabilities to AI assistants and other MCP clients. In other words: the brain thinks, this runs the commands. This tool creates a bridge between AI systems and your shell environment through the standardized MCP protocol. It exposes the system shell as a structured tool, enabling autonomous workflows, tool-a
Install mcp-shell ๐ with a single command:
npx mdskills install sonirico/mcp-shellThis downloads the skill files into your project and your AI agent picks them up automatically.
mcp-shell ๐ works with Claude Code, Claude Desktop, Cursor, Vscode Copilot, Windsurf, Continue Dev, Gemini Cli, Amp, Roo Code, Goose. Skills use the open SKILL.md format which is compatible with any AI coding agent that reads markdown instructions.