Shell-MCP

Overview Schema Related Servers Score Discussions

shell_ip

Execute ip commands to manage routing, network devices, interfaces, and tunnels through a secure MCP server with controlled resource usage.

Instructions

Show / manipulate routing, network devices, interfaces and tunnels

Input Schema

TableJSON Schema

Name	Required	Description	Default
`args`	No	Command arguments

Implementation Reference

src/config/allowlist.ts:170-188 (schema)

Schema and configuration for the 'shell.ip' tool, defining the underlying 'ip' command, description, allowed arguments for input validation, and timeout.

'shell.ip': {
  command: 'ip',
  description: 'Show / manipulate routing, network devices, interfaces and tunnels',
  allowedArgs: [
    'addr',     // show addresses
    'link',     // show network devices
    'route',    // show routing table
    'neigh',    // show neighbor table
    '-br',      // brief output
    '-c',       // color output
    '-s',       // statistics
    '-d',       // details
    '-h',       // human readable
    '--help',
    'show',
    '*'         // allow interface names
  ],
  timeout: 3000
},

src/mcp/server.ts:105-147 (registration)

Registration logic that dynamically creates MCP tool definitions, including the 'ip' tool from 'shell.ip' config, with name, description, and input schema for args array.

private processTools(): Tool[] {
  const tools: Tool[] = [];
  const processedNames = new Set<string>();

  this.logger.debug('Starting to process tool list', { 
    commandCount: Object.keys(allowedCommands).length 
  });

  Object.entries(allowedCommands).forEach(([name, config]) => {
    const toolName = name.replace('shell.', '');
    this.logger.debug('Processing command', { 
      originalName: name,
      toolName,
      isProcessed: processedNames.has(toolName)
    });

    if (!processedNames.has(toolName)) {
      processedNames.add(toolName);
      tools.push({
        name: toolName,
        description: config.description,
        inputSchema: {
          type: "object",
          properties: {
            args: {
              type: "array",
              items: { type: "string" },
              description: "Command arguments"
            }
          }
        }
      });
    }
  });

  this.logger.debug('Tool list processing completed', { 
    toolCount: tools.length,
    processedNames: Array.from(processedNames)
  });

  this.validateToolNames(tools);
  return tools;
}

src/mcp/server.ts:172-247 (handler)

Primary MCP handler for calling tools like 'ip': resolves full command 'shell.ip', retrieves config, validates args, executes via CommandExecutor, and returns output stream as text content.

this.server.setRequestHandler(CallToolRequestSchema, async (request, extra: unknown) => {
  const ext = extra as Extra;
  if (!request.params?.name) {
    throw new ToolError('MISSING_COMMAND', 'Command name is required');
  }
  
  const command = String(request.params.name);
  const fullCommand = command.startsWith('shell.') ? command : `shell.${command}`;
  
  if (!(fullCommand in allowedCommands)) {
    throw new ToolError('COMMAND_NOT_FOUND', 'Command not found', { command });
  }
  
  const config = allowedCommands[fullCommand];
  const args = Array.isArray(request.params.arguments?.args)
    ? request.params.arguments.args.map(String)
    : [];

  const context: CommandContext = {
    requestId: ext.id || 'unknown',
    command,
    args,
    timeout: config.timeout,
    workDir: config.workDir,
    env: config.env
  };

  this.logger.info('Starting command execution', context);

  try {
    this.validator.validateCommand(command, args);
    
    this.logger.debug('Command validation passed', {
      ...context,
      config
    });

    const stream = await this.executor.execute(command, args, {
      timeout: config.timeout,
      cwd: config.workDir,
      env: config.env
    });

    ext.onCancel?.(() => {
      this.logger.info('Received cancel request', context);
      this.executor.interrupt();
    });

    const output = await this.collectOutput(stream);

    this.logger.info('Command execution completed', {
      ...context,
      outputLength: output.length
    });

    return {
      content: [{
        type: "text",
        text: output
      }]
    };

  } catch (error) {
    this.logger.error('Command execution failed', {
      ...context,
      error: error instanceof Error ? error.message : String(error),
      stack: error instanceof Error ? error.stack : undefined
    });
    
    throw new ToolError(
      'EXECUTION_FAILED',
      `Command execution failed: ${error instanceof Error ? error.message : String(error)}`,
      context
    );
  }
});

src/core/executor.ts:31-139 (handler)

Core execution handler that spawns the child process for the base command 'ip' with provided arguments, handles security, caching, timeouts, and streams stdout.

async execute(
  command: string,
  args: string[] = [],
  options: ExecuteOptions = {}
): Promise<{ stdout: Readable }> {
  const commandKey = `${command} ${args.join(' ')}`;
  
  try {
    // Check security
    await this.securityChecker.validateCommand(command, args, options);

    // Check cache
    const cached = this.cache.get(commandKey);
    if (cached) {
      this.logger.debug('Using cached command result', { command, args });
      return this.createStreamFromCache(cached);
    }

    // Remove 'shell.' prefix for execution
    const baseCommand = command.replace('shell.', '');

    // Execute command
    this.logger.debug('Starting command execution', { command, args, options });
    const childProcess = spawn(baseCommand, args, {
      stdio: ['ignore', 'pipe', 'pipe'],
      timeout: options.timeout,
      cwd: options.cwd,
      env: {
        ...process.env,
        ...options.env
      },
      signal: options.signal
    });

    this.currentProcess = childProcess;

    // Error handling
    childProcess.on('error', (error: Error) => {
      this.logger.error('Command execution error', {
        command,
        args,
        error: error.message
      });
      throw new ToolError(
        'PROCESS_ERROR',
        'Command execution error',
        { command, args, error: error.message }
      );
    });

    // Timeout handling
    if (options.timeout) {
      setTimeout(() => {
        if (childProcess.exitCode === null) {
          this.logger.warn('Command execution timeout', {
            command,
            args,
            timeout: options.timeout
          });
          childProcess.kill();
          throw new ToolError(
            'TIMEOUT',
            'Command execution timeout',
            { command, args, timeout: options.timeout }
          );
        }
      }, options.timeout);
    }

    if (!childProcess.stdout) {
      throw new ToolError(
        'STREAM_ERROR',
        'Unable to get command output stream',
        { command, args }
      );
    }

    // Monitor process status
    childProcess.on('exit', (code, signal) => {
      this.logger.debug('Command execution completed', {
        command,
        args,
        exitCode: code,
        signal
      });
    });

    return {
      stdout: childProcess.stdout
    };

  } catch (error) {
    this.logger.error('Command execution failed', {
      command,
      args,
      error: error instanceof Error ? error.message : String(error)
    });
    
    throw new ToolError(
      'EXECUTION_ERROR',
      'Command execution failed',
      { 
        command, 
        args, 
        error: error instanceof Error ? error.message : String(error)
      }
    );
  }
}

src/core/validator.ts:11-59 (helper)

Validates input arguments for shell.ip against allowedArgs from config, checks paths, timeouts, ensuring secure execution.

validateCommand(
  command: string, 
  args: string[] = [], 
  options: CommandOptions = {}
): void {
  console.log('Validating command:', {
    command,
    args,
    baseCommand: command.replace('shell.', ''),
    fullCommand: `shell.${command.replace('shell.', '')}`,
    config: allowedCommands[`shell.${command.replace('shell.', '')}`]
  });

  const baseCommand = command.replace('shell.', '');
  
  if (!(`shell.${baseCommand}` in allowedCommands)) {
    throw new Error(`Command not allowed: ${command}`);
  }
  
  const config = allowedCommands[`shell.${baseCommand}`];
  
  const allowedArgs = config.allowedArgs || [];
  
  console.log('Checking args:', {
    allowedArgs,
    hasWildcard: allowedArgs.includes('*')
  });

  args.forEach(arg => {
    if (arg.startsWith('-')) {
      if (!allowedArgs.includes(arg)) {
        console.log('Invalid option:', arg);
        throw new Error(`Invalid argument: ${arg}`);
      }
    }
    else if (!allowedArgs.includes('*')) {
      console.log('Path not allowed:', arg);
      throw new Error(`Invalid argument: ${arg}`);
    } else {
      // 檢查路徑參數
      this.validatePath(arg);
    }
  });
  
  // 檢查超時設定
  if (options.timeout && options.timeout > securityConfig.defaultTimeout) {
    throw new Error(`Timeout exceeds maximum allowed value`);
  }
}

Tool Definition Quality

C2.6/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It mentions 'show / manipulate' but doesn't specify whether this requires elevated permissions, what 'manipulate' entails (e.g., destructive changes), or any rate limits or side effects. The description is too brief to provide meaningful behavioral context for a tool that could involve network configuration.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence: 'Show / manipulate routing, network devices, interfaces and tunnels'. It's front-loaded and wastes no words, making it easy to scan. However, it could be more structured by separating show vs. manipulate functions, but it's appropriately sized for its content.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of network tools and the lack of annotations and output schema, the description is incomplete. It doesn't explain return values, error conditions, or provide context for the 'manipulate' aspect, which could involve risky operations. For a tool with potential destructive behavior and no structured support, more detail is needed to guide safe usage.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, with one parameter 'args' described as 'Command arguments'. The description adds no additional meaning beyond this, as it doesn't explain what types of arguments are expected or provide examples. With high schema coverage, the baseline is 3, but the description doesn't compensate with any param-specific details.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose3/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description states the tool is for 'Show / manipulate routing, network devices, interfaces and tunnels', which provides a general purpose but is vague about the specific verb and resource. It mentions 'show' and 'manipulate' as actions but doesn't specify how these relate to the 'shell_ip' name or distinguish it from sibling network tools like shell_netstat or shell_nslookup. The purpose is understandable but lacks precision.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description offers no guidance on when to use this tool versus alternatives. With sibling tools like shell_netstat for network statistics and shell_nslookup for DNS queries, there's no indication of when shell_ip is appropriate, such as for IP routing configuration or network interface management. No exclusions or prerequisites are mentioned, leaving usage unclear.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/kevinwatt/shell-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server