Super Shell MCP Server

Overview Schema Related Servers Score Discussions

execute_command

Execute shell commands on Windows, macOS, or Linux with built-in security controls including whitelisting and approval mechanisms for safe command execution.

Instructions

Execute a shell command on the current platform

Input Schema

TableJSON Schema

Name	Required	Description	Default
`command`	Yes	The command to execute
`args`	No	Command arguments

Implementation Reference

src/index.ts:149-169 (registration)

Registration of the 'execute_command' tool in the MCP server's listTools handler, including name, description, and input schema definition.

{
  name: 'execute_command',
  description: 'Execute a shell command on the current platform',
  inputSchema: {
    type: 'object',
    properties: {
      command: {
        type: 'string',
        description: 'The command to execute',
      },
      args: {
        type: 'array',
        items: {
          type: 'string',
        },
        description: 'Command arguments',
      },
    },
    required: ['command'],
  },
},

src/index.ts:335-417 (handler)

Primary handler for the 'execute_command' tool call. Parses arguments with Zod schema, checks command whitelist/security level, queues for manual approval if required, or delegates execution to CommandService.executeCommand.

private async handleExecuteCommand(args: any) {
  const schema = z.object({
    command: z.string(),
    args: z.array(z.string()).optional(),
  });

  // Log the start of command execution
  logger.debug(`handleExecuteCommand called with args: ${JSON.stringify(args)}`);

  const { command, args: commandArgs = [] } = schema.parse(args);

  // Extract the base command (without path)
  const baseCommand = path.basename(command);
  
  logger.debug(`[Executing Command] Command: ${command} ${commandArgs.join(' ')}`);
  logger.debug(`Base command: ${baseCommand}`);
  
  // Check if the command requires approval before attempting execution
  const whitelist = this.commandService.getWhitelist();
  logger.debug(`Whitelist entries: ${whitelist.length}`);
  
  const whitelistEntry = whitelist.find(entry => entry.command === baseCommand);
  logger.debug(`Whitelist entry found: ${whitelistEntry ? 'yes' : 'no'}`);
  
  if (whitelistEntry) {
    logger.debug(`Security level: ${whitelistEntry.securityLevel}`);
  }
  
  if (whitelistEntry && whitelistEntry.securityLevel === CommandSecurityLevel.REQUIRES_APPROVAL) {
    logger.debug(`[Command Requires Approval] Command: ${command} ${commandArgs.join(' ')}`);
    
    // Use the non-blocking method to queue the command for approval
    const commandId = this.commandService.queueCommandForApprovalNonBlocking(command, commandArgs);
    logger.debug(`Command queued for approval with ID: ${commandId}`);
    
    // Return immediately with instructions for approval
    logger.debug(`Returning response to client`);
    return {
      content: [
        {
          type: 'text',
          text: `This command requires approval. It has been queued with ID: ${commandId}\n\nPlease approve this command in the UI or use the 'approve_command' function with this command ID.`,
        },
      ],
      isError: false, // Not an error, just needs approval
    };
  }
  
  // For safe commands or forbidden commands, use the normal execution path
  try {
    // Use the CommandService's executeCommand method
    const result = await this.commandService.executeCommand(command, commandArgs);
    
    return {
      content: [
        {
          type: 'text',
          text: result.stdout,
        },
        {
          type: 'text',
          text: result.stderr ? `Error output: ${result.stderr}` : '',
        },
      ],
    };
  } catch (error: unknown) {
    const errorMessage = error instanceof Error
      ? error.message
      : 'Unknown error occurred';
    
    console.error(`[Command Execution Failed] Error: ${errorMessage}`);
    
    return {
      content: [
        {
          type: 'text',
          text: `Command execution failed: ${errorMessage}`,
        },
      ],
      isError: true,
    };
  }
}

src/index.ts:152-167 (schema)

Input schema definition for the 'execute_command' tool, specifying required 'command' string and optional 'args' array of strings.

inputSchema: {
  type: 'object',
  properties: {
    command: {
      type: 'string',
      description: 'The command to execute',
    },
    args: {
      type: 'array',
      items: {
        type: 'string',
      },
      description: 'Command arguments',
    },
  },
  required: ['command'],

src/services/command-service.ts:242-282 (helper)

Core execution method in CommandService that validates command against whitelist, handles security levels (safe/approval/forbidden), queues for approval if needed, or executes using child_process.execFile.

public async executeCommand(
  command: string,
  args: string[] = [],
  options: {
    timeout?: number;
    requestedBy?: string;
  } = {}
): Promise<CommandResult> {
  const securityLevel = this.validateCommand(command, args);

  // If command is not whitelisted, reject
  if (securityLevel === null) {
    throw new Error(`Command not whitelisted: ${command}`);
  }

  // If command is forbidden, reject
  if (securityLevel === CommandSecurityLevel.FORBIDDEN) {
    throw new Error(`Command is forbidden: ${command}`);
  }

  // If command requires approval, add to pending queue
  if (securityLevel === CommandSecurityLevel.REQUIRES_APPROVAL) {
    return this.queueCommandForApproval(command, args, options.requestedBy);
  }

  // For safe commands, execute immediately
  try {
    const timeout = options.timeout || this.defaultTimeout;
    const { stdout, stderr } = await execFileAsync(command, args, {
      timeout,
      shell: this.useShell ? this.shell : false
    });

    return { stdout, stderr };
  } catch (error) {
    if (error instanceof Error) {
      throw new Error(`Command execution failed: ${error.message}`);
    }
    throw error;
  }
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It states the action but lacks critical details such as security implications, permission requirements, whether it's destructive, rate limits, or output format. This is a significant gap for a tool that executes shell commands, which can have high-risk behaviors.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that directly states the tool's function without unnecessary words. It's front-loaded and appropriately sized for its purpose, making it easy to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of executing shell commands (potentially high-risk with no annotations) and lack of output schema, the description is incomplete. It fails to address security, permissions, or return values, leaving the agent with insufficient context for safe and effective use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, with clear documentation for 'command' and 'args'. The description doesn't add any parameter-specific details beyond what the schema provides, such as examples or constraints, so it meets the baseline for high schema coverage without extra value.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Execute') and resource ('a shell command on the current platform'), making the purpose understandable. However, it doesn't distinguish this tool from its siblings like 'approve_command' or 'deny_command', which appear to be related to command management but have different functions.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. Given siblings like 'approve_command' and 'deny_command', it's unclear if 'execute_command' requires approval, operates independently, or has specific prerequisites, leaving the agent without usage context.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/cfdude/super-shell-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server