MCP-ShellJS

An MCP server that provides safe, controlled ShellJS access for LLMs like Claude.

Overview

MCP-ShellJS bridges the Model Context Protocol (MCP) with ShellJS, enabling AI systems to execute shell commands within a secure sandbox. It provides controlled filesystem access with multiple security layers.

Features

Simplified security:
- Read-only mode by default
- Optional read-write mode via command line flag
- Optional exec permission via command line flag
Schema-based validation with Zod
Full ShellJS functionality (ls, grep, sed, find, etc.)
TypeScript implementation with strong typing
Simple API for LLM integration

Installation

# Clone the repository
git clone https://github.com/yourusername/mcp-shelljs.git
cd mcp-shelljs

# Install dependencies
npm install

# Build the project
npm run build

Usage

Command Line

# Default mode (read-only)
node dist/index.js

# Enable read-write operations
node dist/index.js --enable-rw

# Enable exec command (careful!)
node dist/index.js --enable-exec

# Enable both
node dist/index.js --enable-rw --enable-exec

TypeScript Integration

// Import and initialize the MCP server
import { startMCPServer } from 'mcp-shelljs';

// Start the server with default configuration (read-only)
startMCPServer();

// Or with custom security configuration
startMCPServer({
  enableRw: true,   // Enable read-write operations
  enableExec: false // Keep exec disabled
});

Security Design

MCP-ShellJS implements a simple security model:

Read-Only Mode (Default): Only commands that don't modify the filesystem are available
Read-Write Mode (--enable-rw): Enables commands that can create, modify, or delete files
Exec Mode (--enable-exec): Enables the potentially dangerous exec command for executing arbitrary shell commands

The server runs with stdio transport only, making it suitable for integration with desktop LLM applications.

Why Use MCP-ShellJS?

For AI developers, MCP-ShellJS enables powerful filesystem capabilities with controlled risk:

Efficient exploration: Fast search with grep and find across codebases
Text processing: Transform files with sed without loading them entirely
Safe automation: Let AI help with file organization and management
Powerful pipelines: Chain operations with Unix-style piping

Resources

Directory Resource

directory://{path}?include={glob}&exclude={glob}&honor_gitignore={boolean}

Provides directory listing with powerful filtering capabilities:

Parameter	Description
`include`	Glob pattern(s) to include (e.g., `.js,.ts`)
`exclude`	Glob pattern(s) to exclude (e.g., `node_modules,dist`)
`honor_gitignore`	When `true`, filters out files matching patterns in .gitignore
`recursive`	When `true`, includes subdirectories recursively

Example:

directory:///project/src?include=*.ts&exclude=*.test.ts&honor_gitignore=true

File Resource

file://{path}?lines={boolean}&start={number}&end={number}

Provides file contents with options for viewing specific portions:

Parameter	Description
`lines`	When `true`, includes line numbers in output
`start`	First line to include (1-based indexing)
`end`	Last line to include
`highlight`	Glob pattern to highlight matching text

Example:

file:///project/src/index.ts?lines=true&start=10&end=50

Tools

MCP-ShellJS exposes ShellJS commands as tools, grouped by security risk level:

Read-Only Tools

Tool	Description	Arguments
`cat`	Output file contents	`files`: String/Array, `options`: Object with `-n` (number lines)
`grep`	Search files for patterns	`regex`, `files`, `options`: Object with `-v` (invert), `-l` (filenames only), `-i` (ignore case)
`find`	Recursively find files	`paths`: String/Array (returns file paths including base dirs)
`ls`	List directory contents	`paths`: String/Array, `options`: Object with `-R` (recursive), `-A` (all), `-L` (follow symlinks), `-d` (dirs only)
`which`	Locate a command	`command`: String (returns path to command)
`pwd`	Print working directory	(no arguments)
`test`	Test file conditions	`expression`: String (e.g., `-d path` directory exists, `-f path` file exists)
`head`	Show first lines	`files`: String/Array, `options`: Object with `-n <num>` (lines to show)
`tail`	Show last lines	`files`: String/Array, `options`: Object with `-n <num>` (lines to show)
`sort`	Sort lines	`files`: String/Array, `options`: Object with `-r` (reverse), `-n` (numeric)
`uniq`	Filter duplicated lines	`input`: String, `output`: String, `options`: Object with `-i` (ignore case), `-c` (count), `-d` (duplicates only)

Read-Write Tools

Tool	Description	Arguments
`mkdir`	Create directories	`dir`: String/Array, `options`: Object with `-p` (create intermediate dirs)
`touch`	Create/update files	`files`: String/Array, `options`: Object with `-c` (no create), `-a` (access time only), `-m` (mod time only)
`cp`	Copy files/directories	`source`: String/Array, `dest`: String, `options`: Object with `-R` (recursive), `-n` (no clobber), `-f` (force)
`mv`	Move files/directories	`source`: String/Array, `dest`: String, `options`: Object with `-f` (force), `-n` (no clobber)
`rm`	Remove files/directories	`files`: String/Array, `options`: Object with `-r/-R` (recursive), `-f` (force)
`sed`	Stream editor for files	`search_regex`: RegExp, `replacement`: String, `files`: String/Array, `options`: Object with `-i` (in-place)

Special Permission Tools

Tool	Description	Arguments
`exec`	Execute command	`command`: String, `options`: Object with `async`, `silent`, requires `allowExec: true` config

License

GPL-3.0-or-later

This server cannot be installed

security - not tested

license - not found

quality - not tested

How are these scores calculated?

local-only server

The server can only run on the client's local machine because it depends on local resources.

A secure MCP server that provides controlled ShellJS access for LLMs, enabling AI systems to safely execute shell commands and interact with the filesystem within a configurable security sandbox.

Related MCP Servers

Shell-MCP
kevinwatt
A
security
A
license
A
quality
A secure MCP server for executing whitelisted shell commands with resource and timeout controls, designed for integration with Claude and other MCP-compatible LLMs.
Last updated -
20
143
2
TypeScript
MIT License
Terminal Controller for MCP
GongRzhe
A
security
A
license
A
quality
An MCP server that enables secure terminal command execution, directory navigation, and file system operations through a standardized interface for LLMs.
Last updated -
10
58
Python
MIT License
Container-MCP
54rt1n
-
security
A
license
-
quality
A secure, container-based implementation of the Model Context Protocol (MCP) that provides sandboxed environments for AI systems to safely execute code, run commands, access files, and perform web operations.
Last updated -
9
Python
Apache 2.0
Super Shell MCP Server
cfdude
-
security
A
license
-
quality
An MCP server that enables secure execution of shell commands across Windows, macOS, and Linux with built-in whitelisting and approval mechanisms for enhanced security.
Last updated -
60
6
JavaScript
MIT License

View all related MCP servers

MCP-ShellJS

MCP-ShellJS

Overview

Features

Installation

Usage

Command Line

TypeScript Integration

Security Design

Why Use MCP-ShellJS?

Resources

Directory Resource

File Resource

Tools

Read-Only Tools

Read-Write Tools

Special Permission Tools

License

Related MCP Servers

Shell-MCP

Terminal Controller for MCP

Container-MCP

Super Shell MCP Server

Appeared in Searches

New MCP Servers

MCP directory API