Enables remote file operations and command execution on Docker containers via SSH, including file browsing, log viewing, and container management across a fleet of machines
Allows access to Plex server logs and configuration files on remote systems through SSH-based file operations and directory browsing
Scout MCP
MCP server for remote file operations via SSH. Scout your fleet of machines with a single tool.
Installation
Configuration
Scout MCP reads your ~/.ssh/config to discover available hosts. Optionally configure limits:
Current defaults:
Max file size: 1MB (1,048,576 bytes)
Command timeout: 30 seconds
Idle timeout: 60 seconds
Max pool size: 100 connections
Usage
Add to your Claude Code MCP config:
Interactive UI (Optional)
Scout MCP provides optional interactive UI components for enhanced file browsing.
Note: UI is disabled by default for better MCP client compatibility. To enable, set SCOUT_ENABLE_UI=true.
File Explorer
Access any directory to see an interactive file explorer:
Features:
Sortable listings
Search/filter
File type icons
Size and dates
Log Viewer
Log files display with syntax highlighting and filtering:
Features:
Level filtering (ERROR/WARN/INFO/DEBUG)
Search functionality
Syntax highlighting
Line statistics
Markdown Viewer
Markdown files render with live preview:
Features:
Live rendered preview
Source view toggle
Syntax highlighting
Proper formatting
File Viewer
Code and text files show with syntax highlighting:
Features:
Language detection
Line numbers
Copy to clipboard
Syntax highlighting
See docs/MCP-UI.md for complete UI documentation.
Tool: scout
List available hosts
Cat a file
List a directory
Run a command
File Transfers
Scout includes beam - a simple file transfer feature using SFTP:
Direction is auto-detected:
Local file exists → Upload (local → remote)
Local file doesn't exist → Download (remote → local)
Remote-to-Remote Transfers
Transfer files directly between two remote hosts using SFTP streaming:
Features:
Streams data in 64KB chunks (constant memory usage)
No temp files on MCP server
Works for files of any size
Auto-optimizes when MCP server is source or target
Security
Warning: Scout MCP provides remote shell access. Deploy with care.
Quick Security Checklist
Enable API key authentication (
SCOUT_API_KEYS)Enable rate limiting (
SCOUT_RATE_LIMIT_PER_MINUTE)Verify SSH host keys are in
~/.ssh/known_hostsSet
SCOUT_STRICT_HOST_KEY_CHECKING=true(default)Bind to
127.0.0.1if local-only access neededUse SSH keys, not passwords
Limit SSH user permissions on remote hosts
Review
~/.ssh/configfor only necessary hostsCommand injection prevented (allowlist)
SSH host verification enforced (fail-closed)
Docker/Compose names validated
Security Configuration
Variable | Default | Purpose |
| (none) | Comma-separated API keys for authentication |
| 60 | Rate limit per client (requests/minute) |
| ~/.ssh/known_hosts | SSH host key verification |
| true | Reject unknown host keys |
| 0.0.0.0 | Bind address (use 127.0.0.1 for local only) |
| 1048576 | Max file size in bytes (1MB) |
| 30 | Command timeout in seconds |
Built-in Security Features
Scout MCP includes multiple layers of security protection:
API Key Authentication: Optional HTTP header-based authentication (production recommended)
Rate Limiting: Prevents abuse with configurable per-client request limits
SSH Host Key Verification: Validates remote host identity to prevent MITM attacks
Path Traversal Protection: Blocks
../and other escape sequencesCommand Injection Protection: Uses
shlex.quote()for all paths and argumentsInput Validation: Validates hostnames and paths for malicious patterns
File Size Limits: Prevents memory exhaustion attacks
Command Timeouts: Prevents hanging operations
Example: Secure Configuration
See SECURITY.md for complete security documentation, threat model, and deployment best practices.
Test Coverage
Total: 74%
Tests: 422 (374 passing)
Last Updated: 2025-12-10
Run tests with coverage:
HTML coverage report: open htmlcov/index.html
Development
License
MIT