CLI Command Executor MCP Server

Command Line, Python
Secure command-line interface with customizable security policies
Available Tools

run_command

Executes whitelisted CLI commands within allowed directories

command

show_security_rules

Displays current security configuration and restrictions

The CLI Command Executor provides a secure way to execute command-line operations with comprehensive security features. It enables controlled CLI access for LLM applications while maintaining robust security through command whitelisting, path validation, and execution controls. With configurable security policies, you can precisely define which commands and flags are permitted, preventing potential security risks.

Overview

The CLI Command Executor enables secure command-line execution with robust security measures. It's designed to provide controlled CLI access to LLM applications while maintaining security through features like command whitelisting, path validation, and execution controls.

Installation

You can install the CLI Command Executor in two ways:

Automatic Installation via Smithery

npx @smithery/cli install cli-mcp-server --client claude

Manual Installation

  1. Install the package using pip or uv:

    pip install cli-mcp-server
    # or
    uv pip install cli-mcp-server
    
  2. Configure your Claude Desktop by adding the following to your configuration file at ~/Library/Application Support/Claude/claude_desktop_config.json:

{
  "mcpServers": {
    "cli-mcp-server": {
      "command": "uvx",
      "args": [
        "cli-mcp-server"
      ],
      "env": {
        "ALLOWED_DIR": "/your/desired/directory",
        "ALLOWED_COMMANDS": "ls,cat,pwd,echo",
        "ALLOWED_FLAGS": "-l,-a,--help,--version",
        "MAX_COMMAND_LENGTH": "1024",
        "COMMAND_TIMEOUT": "30",
        "ALLOW_SHELL_OPERATORS": "false"
      }
    }
  }
}

Configuration

The CLI Command Executor can be configured using environment variables:

| Variable | Description | Default |
| --- | --- | --- |
| ALLOWED_DIR | Base directory for command execution (Required) | None (Required) |
| ALLOWED_COMMANDS | Comma-separated list of allowed commands or 'all' | ls,cat,pwd |
| ALLOWED_FLAGS | Comma-separated list of allowed flags or 'all' | -l,-a,--help |
| MAX_COMMAND_LENGTH | Maximum command string length | 1024 |
| COMMAND_TIMEOUT | Command execution timeout (seconds) | 30 |
| ALLOW_SHELL_OPERATORS | Allow shell operators (&&, \|\|, \|, >, etc.) | false |

Setting ALLOWED_COMMANDS or ALLOWED_FLAGS to 'all' will allow any command or flag respectively, but this is not recommended for security reasons.

Security Features

The CLI Command Executor includes several security features:

  • Command whitelist enforcement with optional 'all' setting
  • Flag validation with optional 'all' setting
  • Path traversal prevention and normalization
  • Shell operator blocking (with opt-in support)
  • Command length limits
  • Execution timeouts
  • Working directory restrictions
  • Symlink resolution and validation
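
The checks listed above can be sketched as a single validation pass, shown here as an added example that is not the project's own code. It covers only the default ALLOW_SHELL_OPERATORS=false case; the function names, the exact operator set, exact-match flag handling, and treating every non-flag argument as a path are assumptions of this sketch.

```python
import os
import shlex

# Assumed operator set: the page lists "&&, ||, |, >, etc." without enumerating the rest.
SHELL_OPERATORS = ("&&", "||", "|", ">", "<", ";", "`", "$(")

class PolicyError(ValueError):
    """Raised when a command violates the policy."""

def _csv(env, name, default):
    raw = env.get(name, default).strip()
    # None means 'all': the corresponding check is skipped entirely.
    return None if raw.lower() == "all" else {v.strip() for v in raw.split(",") if v.strip()}

def load_policy(env):
    """Build a policy from the documented environment variables and defaults."""
    return {
        "dir": os.path.realpath(env["ALLOWED_DIR"]),  # required, no default
        "commands": _csv(env, "ALLOWED_COMMANDS", "ls,cat,pwd"),
        "flags": _csv(env, "ALLOWED_FLAGS", "-l,-a,--help"),
        "max_len": int(env.get("MAX_COMMAND_LENGTH", "1024")),
    }

def validate(command, policy):
    """Return argv for an accepted command; raise PolicyError otherwise."""
    if len(command) > policy["max_len"]:
        raise PolicyError("command exceeds MAX_COMMAND_LENGTH")
    # Checked on the raw string, so quoted operators are rejected too (conservative).
    for op in SHELL_OPERATORS:
        if op in command:
            raise PolicyError(f"shell operator {op!r} is blocked")
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # e.g. unbalanced quotes
        raise PolicyError(f"unparseable command: {exc}") from None
    if not argv:
        raise PolicyError("empty command")
    if policy["commands"] is not None and argv[0] not in policy["commands"]:
        raise PolicyError(f"command {argv[0]!r} is not whitelisted")
    for arg in argv[1:]:
        if arg.startswith("-"):
            # Exact match only: "-la" is not accepted just because "-l" and "-a" are.
            if policy["flags"] is not None and arg not in policy["flags"]:
                raise PolicyError(f"flag {arg!r} is not whitelisted")
            continue
        # Treated as a path: resolve ".." and symlinks, then require it inside ALLOWED_DIR.
        resolved = os.path.realpath(os.path.join(policy["dir"], arg))
        if os.path.commonpath([resolved, policy["dir"]]) != policy["dir"]:
            raise PolicyError(f"path {arg!r} resolves outside ALLOWED_DIR")
    return argv
```

The returned argv is meant to be passed to a process launcher as a list, without a shell, and with the COMMAND_TIMEOUT value as the timeout.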

Usage

Once configured, you can use the CLI Command Executor in Claude by asking it to run commands. For example:

"Can you list the files in my current directory?"

Claude will use the run_command tool to execute the ls command (if it's in your allowed commands list) and show you the results.

You can also ask Claude to show you the current security rules by using the show_security_rules tool.
