Securely Execute OS Commands via LLM
MCPShell securely connects LLMs to command-line tools via the Model Context Protocol (MCP), enabling safe execution of OS commands.
Why it matters
Enable Large Language Models to safely execute command-line operations on your operating system. This asset acts as a secure bridge, allowing LLMs to interact with your system's commands through a configurable and constraint-based interface.
Outcomes
What it gets done
Define and manage executable tools for LLMs using YAML configurations.
Implement security constraints with CEL expressions to validate parameters and prevent injection.
Integrate with LLM clients like Cursor and VSCode for seamless interaction.
Support for containerized and Kubernetes deployments.
Install
Add it to your toolbox
Run in your project directory:
curl -fsSL https://spark.entire.vc/get/vb-mcpshell | bash Capabilities
Tools your agent gets
Check disk usage for a directory with customizable depth analysis
Overview
MCPShell MCP Server
What it does
MCPShell is a tool that allows LLMs to safely execute command-line tools through the Model Context Protocol (MCP). It provides a secure bridge between LLMs and operating system commands.
How it connects
Use MCPShell when you need to enable LLMs to safely execute command-line tools. It is designed for tasks that require LLMs to interact with the operating system through predefined commands. Do not grant LLMs unrestricted access to execute arbitrary commands or perform destructive actions without strict constraints. Always prioritize read-only operations and implement robust security measures.
Source README
MCPShell
The MCPShell is a tool that allows LLMs to safely execute command-line tools
through the Model Context Protocol (MCP).
It provides a secure bridge between LLMs and operating system commands.
Features
- Flexible command execution: Run any shell commands as MCP tools,
with parameter substitution through templates. - Configuration-based tool definitions: Define tools in YAML with parameters,
constraints, and output formatting. - Security through constraints: Validate tool parameters using CEL expressions
before execution, as well as optional sanboxed environments
for running commands. - Quick proptotyping of MCP tools: just add some shell code and use it as
a MCP tool in your LLM. - Simple integration: Works with any LLM client supporting the MCP protocol
(ie, Cursor, VSCode, Witsy...)
Quick Start
Imagine you want Cursor (or some other MCP client) help you with your
space problems in your hard disk.
Create a configuration file
/my/example.yamldefining your tools:mcp: description: | Tool for analyzing disk usage to help identify what's consuming space. run: shell: bash tools: - name: "disk_usage" description: "Check disk usage for a directory" params: directory: type: string description: "Directory to analyze" required: true max_depth: type: number description: "Maximum depth to analyze (1-3)" default: 2 constraints: - "directory.startsWith('/')" # Must be absolute path - "!directory.contains('..')" # Prevent directory traversal - "max_depth >= 1 && max_depth <= 3" # Limit recursion depth - "directory.matches('^[\\w\\s./\\-_]+$')" # Only allow safe path characters, prevent command injection run: command: | du -h --max-depth={{ .max_depth }} {{ .directory }} | sort -hr | head -20 output: prefix: | Disk Usage Analysis (Top 20 largest directories):Take a look at the examples directory for more sophisticated and useful examples.
Maybe you prefer to let the LLM know about your Kubernetes cluster with
kubectl?
Or let it run some AWS CLI commands?Configure the MCP server in Cursor (or in any other LLM client with support for MCP)
For example, for Cursor, create
.cursor/mcp.json:{ // you need the "go" command available "mcpServers": { "mcp-cli-examples": { "command": "go", "args": [ "run", "github.com/inercia/MCPShell@v0.1.8", "mcp", "--tools", "/my/example.yaml", "--logfile", "/some/path/mcpshell/example.log" ] } } }You can also use relative paths and omit the
.yamlextension:{ "mcpServers": { "mcp-cli-examples": { "command": "go", "args": [ "run", "github.com/inercia/MCPShell@v0.1.8", "mcp", "--tools", "example", "--logfile", "/some/path/mcpshell/example.log" ] } } }This will look for
example.yamlin the tools directory (~/.mcpshell/tools/by default).See more details on how to configure Cursor or
Visual Studio Code. Other LLMs with support for MCPs
should be configured in a similar way.Make sure your MCP client is refreshed (Cursor should recognize it automatically the
firt time, but any change in the config file will require a refresh).Ask your LLM some questions it should be able to answer with the new tool. For example:
"I'm running out of space in my hard disk. Could you help me finding the problem?".
Usage and Configuration
Take a look at all the command in this document.
Configuration files use a YAML format defined here.
See the this directory for some examples.
For deploying MCPShell in containers and Kubernetes, see the Container Deployment Guide.
Agent Mode
For AI agent functionality that connects LLMs directly to tools, see the
Don project. Don provides:
- Direct LLM connectivity without requiring a separate MCP client
- RAG (Retrieval-Augmented Generation) support
- Multi-agent architecture
- Uses MCPShell's tool configuration format
Security Considerations
So you will probably thing
"this AI has helped me finding all those big files. What if I create another tool for removing files?".
Don't do that!.
- Limit the scope of these tools to read-only actions, do not give the LLM the power to change things.
- Use constraints to limit command execution to safe parameters
- Consider using a sanboxed environment for running commands.
- Review all command templates for potential injection vulnerabilities
- Only expose tools that are safe for external use
- All of the above!
Please read the Security Considerations document before using this software.
Discussion
Questions & comments · 0
Sign In Sign in to leave a comment.