Unrestricted Development MCP Server

shell_execute

Execute shell commands with full system access for package installation, service management, file operations, and development tasks. Supports sudo for privileged operations and captures command output.

Instructions

Execute a shell command with full system access. Supports sudo for privileged operations.

Use this for:

Running system commands (apt, brew, yum, dnf, pacman, etc.)
Installing packages and dependencies
Managing services (systemctl, service, etc.)
File operations via shell utilities
Network operations (curl, wget, ssh, scp, etc.)
Git operations
Docker commands
Any other shell command

The command runs in /bin/bash by default. Output is captured and returned after completion. For long-running commands, use shell_execute_streaming instead.

Input Schema

TableJSON Schema

Name	Required	Description
`command`	Yes	The shell command to execute
`cwd`	No	Working directory for the command (defaults to current directory)
`env`	No	Environment variables to set for the command
`timeout`	No	Timeout in milliseconds (default: 30000ms)
`shell`	No	Shell to use (default: /bin/bash)
`sudo`	No	Execute with sudo privileges. Use this for system-level operations like installing packages.

Implementation Reference

src/tools/shell.ts:39-93 (handler)

Core handler function that executes the shell command using Node.js child_process.exec (promisified), supports sudo by wrapping in sudo bash -c, handles environment, cwd, timeout, captures stdout/stderr even on error, and returns JSON-formatted response with success status, output, and exit code.

export async function executeCommand(args: z.infer<typeof executeCommandSchema>): Promise<ToolResponse> {
  try {
    // For sudo commands, wrap the entire command in a shell to ensure all parts run with sudo
    const command = args.sudo
      ? `sudo bash -c ${JSON.stringify(args.command)}`
      : args.command;
    const timeout = args.timeout || 30000;

    const { stdout, stderr } = await execAsync(command, {
      cwd: args.cwd,
      env: args.env ? { ...process.env, ...args.env } : process.env,
      shell: args.shell || '/bin/bash',
      timeout: timeout,
      maxBuffer: 10 * 1024 * 1024 // 10MB buffer
    });

    return {
      content: [
        {
          type: "text" as const,
          text: JSON.stringify({
            success: true,
            command: command,
            stdout: stdout,
            stderr: stderr,
            exitCode: 0
          }, null, 2)
        }
      ]
    };
  } catch (error: any) {
    // Even if command fails, return the output
    const command = args.sudo
      ? `sudo bash -c ${JSON.stringify(args.command)}`
      : args.command;

    return {
      content: [
        {
          type: "text" as const,
          text: JSON.stringify({
            success: false,
            command: command,
            stdout: error.stdout || '',
            stderr: error.stderr || error.message,
            exitCode: error.code || 1,
            signal: error.signal,
            timedOut: error.killed && error.signal === 'SIGTERM'
          }, null, 2)
        }
      ],
      isError: true
    };
  }
}

src/tools/shell.ts:15-22 (schema)

Zod schema for validating input parameters to the shell_execute tool: command (required), optional cwd, env, timeout, shell, sudo.

export const executeCommandSchema = z.object({
  command: z.string().describe('The shell command to execute'),
  cwd: z.string().optional().describe('Working directory for the command (defaults to current directory)'),
  env: z.record(z.string()).optional().describe('Environment variables to set for the command'),
  timeout: z.number().optional().describe('Timeout in milliseconds (default: 30000ms)'),
  shell: z.string().optional().describe('Shell to use (default: /bin/bash)'),
  sudo: z.boolean().default(false).describe('Execute with sudo privileges')
});

src/tools/shell.ts:177-225 (registration)

MCP tool registration object defining name 'shell_execute', detailed description of usage, and JSON inputSchema matching the Zod schema. Part of shellTools array exported for use in server.

  {
    name: 'shell_execute',
    description: `Execute a shell command with full system access. Supports sudo for privileged operations.

Use this for:
- Running system commands (apt, brew, yum, dnf, pacman, etc.)
- Installing packages and dependencies
- Managing services (systemctl, service, etc.)
- File operations via shell utilities
- Network operations (curl, wget, ssh, scp, etc.)
- Git operations
- Docker commands
- Any other shell command

The command runs in /bin/bash by default. Output is captured and returned after completion.
For long-running commands, use shell_execute_streaming instead.`,
    inputSchema: {
      type: 'object',
      properties: {
        command: {
          type: 'string',
          description: 'The shell command to execute'
        },
        cwd: {
          type: 'string',
          description: 'Working directory for the command (defaults to current directory)'
        },
        env: {
          type: 'object',
          additionalProperties: { type: 'string' },
          description: 'Environment variables to set for the command'
        },
        timeout: {
          type: 'number',
          description: 'Timeout in milliseconds (default: 30000ms)'
        },
        shell: {
          type: 'string',
          description: 'Shell to use (default: /bin/bash)'
        },
        sudo: {
          type: 'boolean',
          default: false,
          description: 'Execute with sudo privileges. Use this for system-level operations like installing packages.'
        }
      },
      required: ['command']
    }
  },

src/index.ts:347-350 (registration)
Dispatch/registration in the main CallToolRequest handler: matches tool name 'shell_execute', validates args with executeCommandSchema, and calls the executeCommand handler function.
```
if (name === 'shell_execute') {
  const validated = executeCommandSchema.parse(args);
  return await executeCommand(validated);
}
```

src/index.ts:284-296 (registration)

Server handler for ListToolsRequest that includes ...shellTools (containing shell_execute definition) in the returned list of available tools.

this.server.setRequestHandler(ListToolsRequestSchema, async () => {
  return {
    tools: [
      ...filesystemTools,
      ...shellTools,
      ...dockerTools,
      ...mongodbTools,
      ...redisTools,
      ...gitTools,
      ...processTools,
      ...networkTools
    ]
  };

Tool Definition Quality

A4.4/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It does well by stating that the tool has 'full system access' and 'supports sudo for privileged operations,' which implies high-risk capabilities. It also mentions that 'output is captured and returned after completion' and runs in '/bin/bash by default,' adding useful context. However, it lacks details on error handling, security implications, or rate limits, which are important for a powerful tool like this.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and appropriately sized. It starts with a clear purpose statement, followed by a bulleted list of use cases for quick scanning, and ends with important behavioral notes and an alternative tool mention. Every sentence earns its place by providing essential information without redundancy, making it efficient and easy to parse.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's high complexity (full system access, 6 parameters) and lack of annotations or output schema, the description does a good job of covering key aspects: purpose, usage guidelines, and some behavioral context. However, it could be more complete by addressing potential risks, error responses, or output format details, which are critical for safe and effective use in an AI agent context.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The schema description coverage is 100%, so the schema already documents all parameters thoroughly. The description does not add any parameter-specific semantics beyond what's in the schema (e.g., it doesn't explain the 'sudo' parameter beyond mentioning it in the title). This meets the baseline of 3, as the schema does the heavy lifting, but the description doesn't compensate with extra insights into parameter usage or constraints.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Execute a shell command with full system access. Supports sudo for privileged operations.' It specifies the verb ('execute') and resource ('shell command'), and distinguishes it from sibling tools by mentioning shell_execute_streaming for long-running commands. The bulleted list provides concrete examples of use cases, making the purpose highly specific and actionable.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines5/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly provides usage guidelines: 'Use this for:' with a comprehensive list of scenarios (e.g., running system commands, installing packages, managing services). It also specifies when to use an alternative: 'For long-running commands, use shell_execute_streaming instead.' This gives clear direction on when to choose this tool versus its sibling, addressing potential alternatives effectively.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/ConnorBoetig-dev/mcp2'

If you have feedback or need assistance with the MCP directory API, please join our Discord server