Skip to main content
Glama
enesjakozh

Command-Line MCP Server

by andresthor
GitHub
Python
MIT License
5
OverviewInspectNewEndpointsSchemaRelated ServersReviewsScore
Need Help?View Source CodeReport Issue

Command-Line MCP Server

A secure Model Control Protocol (MCP) server that allows AI assistants to execute terminal commands with controlled directory access and command permissions.

Overview

Command-Line MCP provides a security layer between AI assistants and your terminal. It implements a dual security model:

  1. Command Permissions: Commands are categorized as read (safe), write (changes data), or system (affects system state), with different approval requirements
  2. Directory Permissions: Commands can only access explicitly whitelisted directories or directories approved during a session

AI assistants interact with this server using standardized MCP tools, enabling safe terminal command execution while preventing access to sensitive files or dangerous operations. You can configure the security level from highly restrictive to more permissive based on your needs.

Key Features

SecurityUsabilityIntegration
Directory whitelistingCommand categorization (read/write/system)Claude Desktop compatibility
Command filteringPersistent session permissionsStandard MCP protocol
Pattern matchingCommand chaining (pipes, etc.)Auto-approval options
Dangerous command blockingIntuitive approval workflowMultiple config methods

Supported Commands (out of the box)

Read Commands

  • ls, pwd, cat, less, head, tail, grep, find, which, du, df, file, sort, etc.

Write Commands

  • cp, mv, rm, mkdir, rmdir, touch, chmod, chown, etc.

System Commands

  • ps, top, htop, who, netstat, ifconfig, ping, etc.

Security Architecture

The system implements a multi-layered security approach:

┌───────────────────────────────────────────────────────────────┐ │ COMMAND-LINE MCP SERVER │ ├──────────────────┬────────────────────────┬───────────────────┤ │ COMMAND SECURITY │ DIRECTORY SECURITY │ SESSION SECURITY │ ├──────────────────┼────────────────────────┼───────────────────┤ │ ✓ Read commands │ ✓ Directory whitelist │ ✓ Session IDs │ │ ✓ Write commands │ ✓ Runtime approvals │ ✓ Persistent │ │ ✓ System commands│ ✓ Path validation │ permissions │ │ ✓ Blocked list │ ✓ Home dir expansion │ ✓ Auto timeouts │ │ ✓ Pattern filters│ ✓ Subdirectory check │ ✓ Desktop mode │ └──────────────────┴────────────────────────┴───────────────────┘

All security features can be configured from restrictive to permissive based on your threat model and convenience requirements.

Quick Start

# Install git clone https://github.com/yourusername/cmd-line-mcp.git cd cmd-line-mcp python -m venv venv source venv/bin/activate pip install -e . cp config.json.example config.json # Run cmd-line-mcp # With default config cmd-line-mcp --config config.json # With specific config

Configuration Options

The server supports four configuration methods in order of precedence:

  1. Built-in default configuration (default_config.json)
  2. JSON configuration file (recommended for customization)
    cmd-line-mcp --config config.json
  3. Environment variables (for specific overrides)
    export CMD_LINE_MCP_SECURITY_WHITELISTED_DIRECTORIES="~,/tmp"
  4. .env file (for environment-specific settings)
    cmd-line-mcp --config config.json --env .env

The default configuration is stored in default_config.json and is included with the package. You can copy this file to create your own custom configuration.

Core Configuration Settings
{ "security": { "whitelisted_directories": ["/home", "/tmp", "~"], "auto_approve_directories_in_desktop_mode": false, "require_session_id": false, "allow_command_separators": true }, "commands": { "read": ["ls", "cat", "grep"], "write": ["touch", "mkdir", "rm"], "system": ["ps", "ping"] } }
Environment Variable Format

Environment variables use a predictable naming pattern:

CMD_LINE_MCP_<SECTION>_<SETTING>

Examples:

# Security settings export CMD_LINE_MCP_SECURITY_WHITELISTED_DIRECTORIES="/projects,/var/data" export CMD_LINE_MCP_SECURITY_AUTO_APPROVE_DIRECTORIES_IN_DESKTOP_MODE=true # Command additions (these merge with defaults) export CMD_LINE_MCP_COMMANDS_READ="awk,jq,wc"

Claude Desktop Integration

Setup
  1. Install Claude for Desktop
  2. Configure in ~/Library/Application Support/Claude/claude_desktop_config.json:
{ "mcpServers": { "cmd-line": { "command": "/path/to/venv/bin/cmd-line-mcp", "args": ["--config", "/path/to/config.json"], "env": { "CMD_LINE_MCP_SECURITY_REQUIRE_SESSION_ID": "false", "CMD_LINE_MCP_SECURITY_AUTO_APPROVE_DIRECTORIES_IN_DESKTOP_MODE": "true" } } } }

For best experience, configure:

  • require_session_id: false - Essential to prevent approval loops
  • auto_approve_directories_in_desktop_mode: true - Optional for convenient access
  • Include common directories in your whitelist

After configuration, restart Claude for Desktop.

AI Assistant Tools

The server provides these MCP tools for AI assistants:

ToolPurposeNeeds Approval
execute_commandRun any command typeYes, for write/system commands
execute_read_commandRun read-only commandsDirectory approval only
approve_directoryGrant access to a directoryN/A - it's an approval tool
approve_command_typeGrant permission for command categoryN/A - it's an approval tool
list_directoriesShow authorized directoriesNo
list_available_commandsShow command categoriesNo
get_command_helpGet command usage guidanceNo
get_configurationView current settingsNo

Tool Examples

Directory Management
# Check available directories dirs = await list_directories(session_id="session123") whitelisted = dirs["whitelisted_directories"] approved = dirs["session_approved_directories"] # Request permission for a directory if "/projects/my-data" not in whitelisted and "/projects/my-data" not in approved: result = await approve_directory( directory="/projects/my-data", session_id="session123" )
Command Execution
# Read commands (read permissions enforced) result = await execute_read_command("ls -la ~/Documents") # Any command type (may require command type approval) result = await execute_command( command="mkdir -p ~/Projects/new-folder", session_id="session123" )
Get Configuration
# Check current settings config = await get_configuration() whitelist = config["directory_whitelisting"]["whitelisted_directories"]

Directory Security System

The server restricts command execution to specific directories, preventing access to sensitive files.

Directory Security Modes

The system supports three security modes:

ModeDescriptionBest ForConfiguration
StrictOnly whitelisted directories allowedMaximum securityauto_approve_directories_in_desktop_mode: false
ApprovalNon-whitelisted directories require explicit approvalInteractive useDefault behavior for standard clients
Auto-approveAuto-approves directories for Claude DesktopConvenienceauto_approve_directories_in_desktop_mode: true

Whitelisted Directory Configuration

"security": { "whitelisted_directories": [ "/home", // System directories "/tmp", "~", // User's home "~/Documents" // Common user directories ], "auto_approve_directories_in_desktop_mode": false // Set to true for convenience }

Directory Approval Flow

  1. Command is requested in a directory
  2. System checks:
    • Is the directory in the global whitelist? → Allow
    • Has directory been approved in this session? → Allow
    • Neither? → Request approval
  3. After approval, directory remains approved for the entire session

Path Format Support

  • Absolute paths: /home/user/documents
  • Home directory: ~ (expands to user's home)
  • User subdirectories: ~/Downloads

Claude Desktop Integration

The server maintains a persistent session for Claude Desktop, ensuring directory approvals persist between requests and preventing approval loops.

Command Customization

The system uses command categorization to control access:

CategoryDescriptionExample CommandsRequires Approval
ReadSafe operationsls, cat, findNo
WriteData modificationmkdir, rm, touchYes
SystemSystem operationsps, ping, ifconfigYes
BlockedDangerous commandssudo, bash, evalAlways denied

Customization Methods

// In config.json { "commands": { "read": ["ls", "cat", "grep", "awk", "jq"], "write": ["mkdir", "touch", "rm"], "system": ["ping", "ifconfig", "kubectl"], "blocked": ["sudo", "bash", "eval"] } }

Environment Variable Method:

# Add to existing lists, not replace (comma-separated) export CMD_LINE_MCP_COMMANDS_READ="awk,jq" export CMD_LINE_MCP_COMMANDS_BLOCKED="npm,pip"

The MCP server merges these additions with existing commands, letting you extend functionality without recreating complete command lists.

Command Chaining

The server supports three command chaining methods:

MethodSymbolExampleConfig Setting
Pipes|ls | grep txtallow_command_separators: true
Sequence;mkdir dir; cd dirallow_command_separators: true
Background&find . -name "*.log" &allow_command_separators: true

All commands in a chain must be from the supported command list. Security checks apply to the entire chain.

Quick Configuration:

"security": { "allow_command_separators": true // Set to false to disable all chaining }

To disable specific separators, add them to the dangerous_patterns list.

License

MIT

This server cannot be installed

-
security - not tested
A
license - permissive license
-
quality - not tested

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

Allows AI assistants to safely execute common Unix/macOS terminal commands through a controlled interface with comprehensive security features.

  1. Overview
    1. Key Features
      1. Supported Commands (out of the box)
        1. Read Commands
        2. Write Commands
        3. System Commands
      2. Security Architecture
        1. Quick Start
          1. Configuration Options
          2. Claude Desktop Integration
        2. AI Assistant Tools
          1. Tool Examples
        3. Directory Security System
          1. Directory Security Modes
          2. Whitelisted Directory Configuration
          3. Directory Approval Flow
          4. Path Format Support
          5. Claude Desktop Integration
        4. Command Customization
          1. Customization Methods
          2. Command Chaining
        5. License

          Related MCP Servers

          • cli-mcp-server

            MladenSU
            A
            security
            A
            license
            A
            quality
            Command line interface with secure execution and customizable security policies
            Last updated -
            140
            MIT License
            • Apple

          • Lilith Shell

            charles-adedotun
            -
            security
            A
            license
            -
            quality
            An enhanced MCP server that grants AI assistants the ability to execute terminal commands on a user's system with improved security controls, designed for use in controlled environments.
            Last updated -
            MIT License
            • Apple

          • SSH MCP Server

            format37
            -
            security
            F
            license
            -
            quality
            Enables AI assistants to securely execute shell commands on local machines through an SSH interface with session management, command execution, and sudo support.
            Last updated -
            • Linux

          • Shell Executor MCP Server

            kosiew
            -
            security
            F
            license
            -
            quality
            Provides safe shell command execution capabilities for AI agents and tools like VS Code Copilot through a whitelist-based filtering system.
            Last updated -

          View all related MCP servers

          Appeared in Searches

          New MCP Servers

          MCP directory API

          We provide all the information about MCP servers via our MCP API.

          curl -X GET 'https://glama.ai/api/mcp/v1/servers/andresthor/cmd-line-mcp'

          If you have feedback or need assistance with the MCP directory API, please join our Discord server