How do I use mcp-sudo?

1. Click on "Install Server". 2. Wait a few minutes for the server to deploy. Once ready, it will show a "Started" state. 3. In the chat, type @ followed by the MCP server name and your instructions, e.g., "@mcp-sudo update all system packages" That's it! The server will respond to your query, and you can continue using it as needed. Here is a step-by-step guide with screenshots.

mcp-sudo

MCP server for running sudo commands with encrypted password storage.

Exposes 4 tools to persist a sudo password (encrypted with a machine-bound key) and invoke privileged commands without re-entering credentials. Designed for single-user Linux workstations.

📖 อ่านภาษาไทย →

Tools

Tool	Purpose
`store_password`	Store sudo password (encrypted, one-time)
`sudo_exec`	Run shell command with sudo
`has_password`	Check if password is stored
`clear_password`	Remove stored password

Security model

Password is encrypted with Fernet (AES-128-CBC + HMAC-SHA256).
Encryption key is derived from machine-id + USER — never stored on disk.
Decryption only succeeds on the same machine with the same user.
Encrypted blob lives at ~/.config/claude-sudo-mcp/credential.enc (chmod 600).

This is not a secrets manager. Treat this as "remember my sudo password for this session on this box." If your machine-id is copied to another box or another user reads the MCP process, the password can be recovered.

Install

cd /path/to/mcp-sudo
uv venv --python 3.12 .venv
uv pip install --python .venv/bin/python mcp cryptography

claude mcp add sudo -s user -- \
  /path/to/mcp-sudo/.venv/bin/python /path/to/mcp-sudo/server.py

On first use, call store_password once to cache credentials.