SSH MCP Server

Overview Schema Related Servers Score Discussions

ssh_stat

Retrieve file or directory metadata from a remote host via SFTP. Get size, permissions, timestamps, and type flags without parsing command output.

Instructions

Get metadata for a file or directory on a remote host via SFTP. Returns size, permissions (octal), uid/gid, mtime/atime, and type flags (isFile, isDirectory, isSymbolicLink). Use this instead of parsing ls -la output.

Input Schema

TableJSON Schema

Name	Required	Description
`host`	Yes	SSH hostname or IP address
`port`	No	SSH port (default: 22)
`username`	No	SSH username (default: current user)
`privateKeyPath`	No	Path to SSH private key
`password`	No	SSH password. STRONGLY prefer key-based auth (privateKeyPath or ssh-agent). Passwords pass through MCP protocol frames as plaintext and may be logged by the transport or host process.
`path`	Yes	Absolute path to the remote file or directory

Implementation Reference

src/ssh.ts:547-572 (handler)

The core implementation of statFile - uses ssh2 SFTP to stat a remote file/directory and returns a FileStats object with size, permissions, uid/gid, timestamps, and type flags.

export async function statFile(client: Client, remotePath: string): Promise<FileStats> {
  const sftp = await getSftp(client);
  try {
    return await new Promise((resolve, reject) => {
      sftp.stat(remotePath, (err, stats) => {
        if (err) return reject(err);
        // ssh2 exposes the type checks as methods, not boolean fields -- materialize them
        // up front so the result is a plain JSON-safe object the MCP layer can serialize.
        resolve({
          size: stats.size,
          mode: stats.mode,
          modeOctal: (stats.mode & 0o7777).toString(8).padStart(4, "0"),
          uid: stats.uid,
          gid: stats.gid,
          mtime: stats.mtime,
          atime: stats.atime,
          isFile: stats.isFile(),
          isDirectory: stats.isDirectory(),
          isSymbolicLink: stats.isSymbolicLink(),
        });
      });
    });
  } finally {
    sftp.end();
  }
}

src/ssh.ts:530-545 (schema)

FileStats interface - defines the shape of the stat result returned by statFile, including size, mode, modeOctal, uid, gid, mtime, atime, isFile, isDirectory, isSymbolicLink.

export interface FileStats {
  size: number;
  /** POSIX mode as a decimal number. Use modeOctal for the human-readable form. */
  mode: number;
  /** POSIX mode formatted as a 4-digit octal string (e.g. "0755"). */
  modeOctal: string;
  uid: number;
  gid: number;
  /** Unix timestamp (seconds since epoch) of last modification. */
  mtime: number;
  /** Unix timestamp (seconds since epoch) of last access. */
  atime: number;
  isFile: boolean;
  isDirectory: boolean;
  isSymbolicLink: boolean;
}

src/tools.ts:159-186 (handler)

Registration of the 'ssh_stat' MCP tool with its Zod schema, description, and handler that calls statFile and formats the output as human-readable text.

server.tool(
  "ssh_stat",
  "Get metadata for a file or directory on a remote host via SFTP. Returns size, permissions (octal), uid/gid, mtime/atime, and type flags (isFile, isDirectory, isSymbolicLink). Use this instead of parsing `ls -la` output.",
  {
    ...connectionParams,
    path: z.string().describe("Absolute path to the remote file or directory"),
  },
  async ({ path, ...conn }) => {
    return connectionPool.withConnection(conn, async (client) => {
      const stats = await statFile(client, path);
      const lines: string[] = [];
      const kind = stats.isDirectory
        ? "directory"
        : stats.isSymbolicLink
          ? "symlink"
          : stats.isFile
            ? "file"
            : "other";
      lines.push(`${path}: ${kind}`);
      lines.push(`  Size: ${stats.size} bytes`);
      lines.push(`  Mode: ${stats.modeOctal}`);
      lines.push(`  Owner: uid=${stats.uid} gid=${stats.gid}`);
      lines.push(`  Modified: ${new Date(stats.mtime * 1000).toISOString()}`);
      lines.push(`  Accessed: ${new Date(stats.atime * 1000).toISOString()}`);
      return { content: [{ type: "text", text: lines.join("\n") }] };
    });
  },
);

src/tools.ts:162-165 (schema)
Zod schema for ssh_stat tool input: connection params (host, port, username, privateKeyPath, password) plus a required 'path' string.
```
{
  ...connectionParams,
  path: z.string().describe("Absolute path to the remote file or directory"),
},
```

src/server.ts:49-67 (registration)

Re-export of FileStats type and statFile function from ssh.ts, and re-export of registerTools from tools.ts which registers the ssh_stat tool.

export type { ExecResult, FileStats, ResolvedConfig, SSHConfig } from "./ssh.js";
export {
  connect,
  connectRaw,
  connectWithProxy,
  deleteFile,
  downloadFile,
  exec,
  formatDiagnostics,
  listDir,
  makeDir,
  readFile,
  readKnownHostsKeys,
  resolveConfig,
  statFile,
  uploadFile,
  writeFile,
} from "./ssh.js";
export { registerTools } from "./tools.js";

Tool Definition Quality

A4.3/5.0

Behavior4/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries the full burden. It discloses the protocol (SFTP), the return value structure (size, permissions, etc.), and that it retrieves metadata (no side effects). It lacks explicit mention of authentication requirements or error conditions, but the safety profile is clear since stat is read-only and the description implies no destructive actions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two sentences: first sentence defines purpose and output, second provides usage guidance. Every word is functional, no redundancy, and it is front-loaded with the core action. Ideal conciseness for a simple tool.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness5/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's simplicity (statting a remote file), the description covers all needed aspects: what it does, what it returns, and when to use it. The schema fully documents parameters. No output schema exists, but the description details the return. An agent would correctly invoke this tool based on this information.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the baseline is 3. The description adds no additional parameter-level details beyond what the schema provides, except to clarify the return value. That return info is valuable but does not enhance parameter understanding, which the schema already fully explains.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly specifies the action: 'Get metadata for a file or directory on a remote host via SFTP'. It lists the exact return fields (size, permissions, uid/gid, mtime/atime, type flags), and positions itself as an alternative to parsing `ls -la` output, distinguishing it from listing or execution tools.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description includes explicit guidance: 'Use this instead of parsing `ls -la` output.' This gives a clear context of when to prefer this tool. However, it does not explicitly exclude other scenarios or mention related tools like `ssh_ls` or `ssh_exec`, though the alternative hint is strong.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Latest Blog Posts

Lightport: Open-Sourcing Glama's AI Gateway
By punkpeye on April 27, 2026.
open source
OpenAI
Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/YawLabs/ssh-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server