secure_execute_command
Execute read-only shell commands (e.g., ls, cat) securely in an active SSH session and retrieve stdout, stderr, and exit codes without altering system state.
Instructions
Run a read‑only shell command (i.e., one that does not mutate state) in an existing SSH session and return stdout/stderr/exitCode.
Input Schema
TableJSON Schema
| Name | Required | Description | Default |
|---|---|---|---|
| command | Yes | Read‑only shell command to execute (e.g., ls, cat). | |
| connection_id | Yes |
Implementation Reference
- src/index.ts:181-194 (registration)Registration of the secure_execute_command tool in the ListTools handler, defining its name, description, and input schema for connection_id and command.{ name: "secure_execute_command", description: "Run a **read‑only** shell command (i.e., one that does not mutate state) in an existing SSH session and return stdout/stderr/exitCode.", inputSchema: { type: "object", required: ["connection_id", "command"], properties: { connection_id: { type: "string" }, command: { type: "string", description: "Read‑only shell command to execute (e.g., ls, cat)." }, }, additionalProperties: false, }, },
- src/index.ts:420-441 (handler)The core handler logic for secure_execute_command in the CallToolRequestSchema handler. Validates inputs, checks command safety with isCommandDangerous, executes via SSH using wrapExec, and returns results.if (name === "secure_execute_command") { const { connection_id, command } = args; if (!command?.trim()) throw new Error("Command cannot be empty."); const conn = connections.get(connection_id); if (!conn) throw new Error(`connection_id '${connection_id}' not found.`); // More refined security check - focus on actually dangerous operations if (isCommandDangerous(command)) { throw new Error("Command contains potentially dangerous operations and is not allowed."); } const { stdout, stderr, exitCode } = await wrapExec(conn.client, command); return { content: [ { type: "text", text: JSON.stringify({ stdout, stderr, exitCode }, null, 2), }, ], }; }
- src/index.ts:209-295 (helper)Key security helper function used exclusively by secure_execute_command to validate commands are read-only by blocking dangerous patterns like rm, mv, kill, etc., via regex matching.function isCommandDangerous(command) { const cmd = command.trim().toLowerCase(); // Allow common read-only systemctl operations if (/^systemctl\s+(status|show|list-units|list-unit-files|is-active|is-enabled|is-failed|cat|help)/.test(cmd)) { return false; } // Allow read-only git operations if (/^git\s+(status|log|show|diff|branch|remote|config\s+--list|ls-files|ls-remote)/.test(cmd)) { return false; } // Allow read-only package manager operations if (/^(apt|yum|dnf|pacman)\s+(list|search|show|info|query)/.test(cmd)) { return false; } // Allow read-only docker operations if (/^docker\s+(ps|images|inspect|logs|version|info|system\s+df|system\s+info)/.test(cmd)) { return false; } // Allow read-only kubectl operations if (/^kubectl\s+(get|describe|logs|explain|version|cluster-info|config\s+view)/.test(cmd)) { return false; } // Check for actually dangerous patterns const dangerousPatterns = [ // File system destructive operations /\brm\s+(-[rf]*\s+)*(\/|\*|\$|~)/, // rm with dangerous targets /\bmv\s+.*\s+(\/|\*)/, // mv to dangerous locations /\bchmod\s+[0-7]*\s+(\/|~|\*)/, // chmod on system locations /\bchown\s+.*\s+(\/|~|\*)/, // chown on system locations // Output redirection that could overwrite files />[^|&]*\s*(\/|~|\*)/, // Redirect to system locations /\bdd\s+.*of=/, // dd operations /\btruncate\s/, // truncate files // Process/service management (destructive) /\b(systemctl|service)\s+(stop|start|restart|disable|enable|mask|reload)/, /\b(kill|pkill|killall)\s/, // Package management (installation/removal) /\b(apt|yum|dnf|pacman)\s+(install|remove|update|upgrade|autoremove)/, // Network configuration /\b(iptables|ufw|firewall-cmd)\s/, /\bifconfig\s+.*\s+(up|down)/, // User/system modification /\b(useradd|userdel|usermod|passwd|su\s|sudo\s)/, /\bcrontab\s+-[er]/, // Dangerous git operations /\bgit\s+(push|pull|clone|reset\s+--hard|clean\s+-f|rm)/, // Container/orchestration destructive operations /\bdocker\s+(rm|rmi|kill|stop|exec|run|build|push|pull)/, /\bkubectl\s+(delete|apply|create|replace|patch|scale|rollout)/, // Text editors (could modify files) /\b(nano|vi|vim|emacs|code)\s/, // Archive operations that could overwrite /\b(tar|unzip|unrar)\s+.*-[xf]/, // System monitoring that could be used maliciously /\btcpdump\s/, /\bwireshark\s/, // Compilation (could create executables) /\b(gcc|g\+\+|make|cmake|javac|python\s+setup\.py\s+install)/, // Background processes /&\s*$/, // Commands ending with & /\bnohup\s/, // Pipes to dangerous commands /\|\s*(sh|bash|zsh|csh|tcsh|fish|python|perl|ruby|node)/, ]; // Check against dangerous patterns return dangerousPatterns.some(pattern => pattern.test(cmd)); }
- src/index.ts:93-111 (helper)Utility helper function to execute a shell command over SSH, capture stdout, stderr, and exit code, used by both execute_command and secure_execute_command.function wrapExec(client, command): any { return new Promise((resolve, reject) => { let stdout = ""; let stderr = ""; client.exec(command, (err, stream) => { if (err) return reject(err); stream .on("close", (code) => { resolve({ stdout, stderr, exitCode: code }); }) .on("data", (data) => { stdout += data.toString(); }) .stderr.on("data", (data) => { stderr += data.toString(); }); }); }); }
- src/index.ts:185-193 (schema)Input schema definition for secure_execute_command tool, specifying required string parameters connection_id and command.inputSchema: { type: "object", required: ["connection_id", "command"], properties: { connection_id: { type: "string" }, command: { type: "string", description: "Read‑only shell command to execute (e.g., ls, cat)." }, }, additionalProperties: false, },