- Home
- MCP servers
- Shell
Shell
- javascript
40
GitHub Stars
javascript
Language
6 months ago
First Indexed
2 months ago
Catalog Refreshed
Documentation & install
Readme and setup notes from the catalogue, plus a client-ready config you can copy for your MCP host.
Installation
Add the following to your MCP client configuration file.
Configuration
View docs{
"mcpServers": {
"hdresearch-mcp-shell": {
"command": "npx",
"args": [
"mcp-shell"
]
}
}
}Shell MCP Server provides a secure, Node.js based MCP implementation that enables controlled shell command execution. It is designed to be easily integrated with Claude Desktop, allowing you to run shell commands from AI models while enforcing strict security and input validation to protect your system.
How to use
You connect to the Shell MCP Server from an MCP client by starting the local server process and using the MCP transport to send commands. The server validates each command, executes it in a restricted environment, and returns the resulting output or an error message. Use this to enable AI-driven shell interactions that stay within safe boundaries.
How to install
Prerequisites: ensure you have Node.js and npm installed on your system. You can verify by running node -v and npm -v in your terminal.
Install and run the MCP shell server locally using the following command.
npx mcp-shell
To configure the MCP tool for Claude Desktop, use the following command to generate or update the config.
npx mcp-shell config
If you are updating your Claude Desktop configuration manually, you can add the MCP command to your profile by including the local MCP start command in your setup as shown above.
Security and operation notes
The server includes several security measures to protect your system while enabling shell command execution. It implements a command blacklist to block dangerous operations, validates that a command exists before attempting execution, and provides clear error messages when commands fail or are disallowed. The transport uses standard I/O to communicate between the MCP client and server.
Key security features include: a blacklist protecting against file system destruction, privilege escalation, and other high-risk actions; command existence validation to prevent executing non-existent or unexpected commands; and explicit error reporting for invalid or disallowed requests.
Error handling
The server handles common errors such as command-not-found, blacklist violations, execution failures, and MCP protocol errors. It also supports graceful shutdown on receiving an interrupt signal, ensuring the system remains stable during server stop or restart.
Implementation details
The Shell MCP Server is built with the Model Context Protocol SDK and uses a StdioServerTransport for communication. It relies on execa for executing shell commands and command-exists for validating command availability.
Development
If you want to adjust security behavior, you can update the BLACKLISTED_COMMANDS set, modify the validateCommand function to add further checks, or enhance the CallToolRequestSchema handling to support additional parsing rules.
Available tools
run_command
Executes a shell command and returns its output, handling input, output, and errors through the MCP transport.