MCP

Securely Execute OS Commands via LLM

MCPShell securely connects LLMs to command-line tools via the Model Context Protocol (MCP), enabling safe execution of OS commands.

Works with: github, kubectl, aws cli

Spark score: 91 out of 100
Updated 17 days ago
Version 0.2.0

Why it matters

Enable Large Language Models to safely execute command-line operations on your operating system. This asset acts as a secure bridge, allowing LLMs to interact with your system's commands through a configurable and constraint-based interface.

Outcomes

What it gets done

  1. Define and manage executable tools for LLMs using YAML configurations.
  2. Implement security constraints with CEL expressions to validate parameters and prevent injection.
  3. Integrate with LLM clients like Cursor and VSCode for seamless interaction.
  4. Support containerized and Kubernetes deployments.

Install

Add it to your toolbox

Run in your project directory:

curl -fsSL https://spark.entire.vc/get/vb-mcpshell | bash

Capabilities

Tools your agent gets

disk_usage

Check disk usage for a directory with customizable depth analysis

Overview

MCPShell MCP Server

What it does

MCPShell is a tool that allows LLMs to safely execute command-line tools through the Model Context Protocol (MCP). It provides a secure bridge between LLMs and operating system commands.

How it connects

Use MCPShell when you need to enable LLMs to safely execute command-line tools. It is designed for tasks that require LLMs to interact with the operating system through predefined commands. Do not grant LLMs unrestricted access to execute arbitrary commands or perform destructive actions without strict constraints. Always prioritize read-only operations and implement robust security measures.

Source README

MCPShell


The MCPShell is a tool that allows LLMs to safely execute command-line tools
through the Model Context Protocol (MCP).
It provides a secure bridge between LLMs and operating system commands.

Features

  • Flexible command execution: Run any shell commands as MCP tools,
    with parameter substitution through templates.
  • Configuration-based tool definitions: Define tools in YAML with parameters,
    constraints, and output formatting.
  • Security through constraints: Validate tool parameters using CEL expressions
    before execution, as well as optional sandboxed environments
    for running commands.
  • Quick prototyping of MCP tools: just add some shell code and use it as
    an MCP tool in your LLM.
  • Simple integration: Works with any LLM client supporting the MCP protocol
    (i.e., Cursor, VSCode, Witsy...)

Quick Start

Imagine you want Cursor (or some other MCP client) to help you with
disk space problems on your hard disk.

  1. Create a configuration file /my/example.yaml defining your tools:

    mcp:
      description: |
        Tool for analyzing disk usage to help identify what's consuming space.
      run:
        shell: bash
      tools:
        - name: "disk_usage"
          description: "Check disk usage for a directory"
          params:
            directory:
              type: string
              description: "Directory to analyze"
              required: true
            max_depth:
              type: number
              description: "Maximum depth to analyze (1-3)"
              default: 2
          constraints:
            - "directory.startsWith('/')"  # Must be absolute path
            - "!directory.contains('..')"  # Prevent directory traversal
            - "max_depth >= 1 && max_depth <= 3"  # Limit recursion depth
            - "directory.matches('^[\\w\\s./\\-_]+$')"  # Only allow safe path characters, prevent command injection
          run:
            command: |
              du -h --max-depth={{ .max_depth }} {{ .directory }} | sort -hr | head -20
          output:
            prefix: |
              Disk Usage Analysis (Top 20 largest directories):
    

    Take a look at the examples directory for more sophisticated and useful examples.
    Maybe you prefer to let the LLM know about your Kubernetes cluster with
    kubectl?
    Or let it run some AWS CLI commands?

  2. Configure the MCP server in Cursor (or in any other LLM client with support for MCP)

    For example, for Cursor, create .cursor/mcp.json (the go command must be available on your PATH):

    {
        "mcpServers": {
            "mcp-cli-examples": {
                "command": "go",
                "args": [
                   "run", "github.com/inercia/MCPShell@v0.1.8",
                   "mcp", "--tools", "/my/example.yaml",
                   "--logfile", "/some/path/mcpshell/example.log"
                ]
            }
        }
    }
    

    You can also use relative paths and omit the .yaml extension:

    {
        "mcpServers": {
            "mcp-cli-examples": {
                "command": "go",
                "args": [
                   "run", "github.com/inercia/MCPShell@v0.1.8",
                   "mcp", "--tools", "example",
                   "--logfile", "/some/path/mcpshell/example.log"
                ]
            }
        }
    }
    

    This will look for example.yaml in the tools directory (~/.mcpshell/tools/ by default).

    See more details on how to configure Cursor or
    Visual Studio Code. Other LLMs with support for MCPs
    should be configured in a similar way.

  3. Make sure your MCP client is refreshed (Cursor should recognize it automatically the
    first time, but any change in the config file will require a refresh).

  4. Ask your LLM some questions it should be able to answer with the new tool. For example:
    "I'm running out of space on my hard disk. Could you help me find the problem?".

Usage and Configuration

Take a look at all the commands in this document.

Configuration files use a YAML format defined here.
See this directory for some examples.

For deploying MCPShell in containers and Kubernetes, see the Container Deployment Guide.

Agent Mode

For AI agent functionality that connects LLMs directly to tools, see the
Don project. Don provides:

  • Direct LLM connectivity without requiring a separate MCP client
  • RAG (Retrieval-Augmented Generation) support
  • Multi-agent architecture
  • Uses MCPShell's tool configuration format

Security Considerations

So you will probably think:
"this AI has helped me find all those big files. What if I create another tool for removing files?"
Don't do that!

  • Limit the scope of these tools to read-only actions; do not give the LLM the power to change things.
  • Use constraints to limit command execution to safe parameters.
  • Consider using a sandboxed environment for running commands.
  • Review all command templates for potential injection vulnerabilities.
  • Only expose tools that are safe for external use.
  • All of the above!

Please read the Security Considerations document before using this software.
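To make the "use constraints" and "review your command templates" advice concrete, the following Go program is an added example written for this page; it is not MCPShell's own code and does not use its CEL evaluator. It re-implements the four constraints of the disk_usage tool from the Quick Start with the standard library, and only renders the command template once every constraint has passed, which is the ordering that keeps an unvalidated value out of the shell. The DiskUsageParams type, the Validate and RenderCommand functions and the sample inputs are all constructed for this illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// DiskUsageParams holds the two parameters the disk_usage tool accepts
// (a hypothetical struct for this example; MCPShell itself evaluates CEL).
type DiskUsageParams struct {
	Directory string
	MaxDepth  int
}

// The four constraints from the YAML example, kept as text so that a
// rejection can name exactly which one failed.
const (
	ConstraintAbsolute  = "directory.startsWith('/')"
	ConstraintNoDotDot  = "!directory.contains('..')"
	ConstraintDepth     = "max_depth >= 1 && max_depth <= 3"
	ConstraintSafeChars = `directory.matches('^[\w\s./\-_]+$')`
)

// Same character class as the YAML constraint; the anchors force a
// whole-string match, so a single stray metacharacter fails it.
var safePath = regexp.MustCompile(`^[\w\s./\-_]+$`)

// Validate returns the first constraint the parameters violate,
// or "" when all four pass.
func Validate(p DiskUsageParams) string {
	if !strings.HasPrefix(p.Directory, "/") {
		return ConstraintAbsolute
	}
	if strings.Contains(p.Directory, "..") {
		return ConstraintNoDotDot
	}
	if p.MaxDepth < 1 || p.MaxDepth > 3 {
		return ConstraintDepth
	}
	if !safePath.MatchString(p.Directory) {
		return ConstraintSafeChars
	}
	return ""
}

// RenderCommand substitutes the parameters into the command template from
// the YAML example, but only after Validate has accepted them.
func RenderCommand(p DiskUsageParams) (string, error) {
	if failed := Validate(p); failed != "" {
		return "", fmt.Errorf("constraint failed: %s", failed)
	}
	return fmt.Sprintf("du -h --max-depth=%d %s | sort -hr | head -20",
		p.MaxDepth, p.Directory), nil
}

func main() {
	// Constructed sample inputs: one legitimate request followed by the
	// kinds of values a misbehaving or manipulated model might send.
	samples := []DiskUsageParams{
		{Directory: "/var/log", MaxDepth: 2},
		{Directory: "var/log", MaxDepth: 2},
		{Directory: "/var/log/../../etc", MaxDepth: 2},
		{Directory: "/var/log", MaxDepth: 9},
		{Directory: "/tmp; echo injected", MaxDepth: 1},
	}
	for _, s := range samples {
		cmd, err := RenderCommand(s)
		if err != nil {
			fmt.Printf("REJECT %-28q %v\n", s.Directory, err)
			continue
		}
		fmt.Printf("ALLOW  %-28q %s\n", s.Directory, cmd)
	}
}
```

Running it shows the relative path, the traversal, the out-of-range depth and the value carrying a shell separator all being refused before any substitution happens. One caveat worth reviewing in the template itself: the character class includes \s, so a directory such as /tmp/My Files passes the constraint and is then substituted unquoted into the du command line, where the shell splits it into two arguments. If paths with spaces are expected, either drop \s from the constraint or quote the argument in the template; if they are not, dropping \s is the simpler fix.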
