en es ja ko zh

Shell-MCP

by kevinwatt

Overview Schema Related Servers Score Discussions

TypeScript

Local

shell_whereis

Locate binary, source, and manual page files for shell commands to identify command locations and documentation paths.

Instructions

Locate the binary, source, and manual page files for a command

Input Schema

TableJSON Schema

Name	Required	Description	Default
`args`	No	Command arguments

Implementation Reference

src/index.ts:45-85 (handler)

Generic MCP tool call handler that specifically supports 'shell_whereis' by mapping 'shell_whereis' to 'shell.whereis' via string replacement, validating, and executing the 'whereis' command using the executor.

server.setRequestHandler(CallToolRequestSchema, async (request) => {
  try {
    const command = String(request.params?.name || '');
    const fullCommand = `shell.${command.replace('shell_', '')}`;  // Replace shell_ back to shell.
    
    if (!(fullCommand in allowedCommands)) {
      return {
        content: [{ type: "text", text: `Unknown command: ${command}` }],
        isError: true
      };
    }
    
    const actualCommand = allowedCommands[fullCommand].command;
    const args = Array.isArray(request.params?.arguments?.args)
      ? request.params.arguments.args.map(String)
      : [];
  
    validator.validateCommand(actualCommand, args);
    const stream = await executor.execute(actualCommand, args);
  
    return {
      content: [{
        type: "text",
        text: await new Promise((resolve, reject) => {
          const chunks: Buffer[] = [];
          stream.stdout.on('data', (chunk: Buffer) => chunks.push(chunk));
          stream.stdout.on('end', () => resolve(Buffer.concat(chunks).toString()));
          stream.stdout.on('error', reject);
        })
      }]
    };
  } catch (error) {
    return {
      content: [{ 
        type: "text", 
        text: `Command execution failed: ${error instanceof Error ? error.message : String(error)}` 
      }],
      isError: true
    };
  }
});

src/index.ts:27-43 (schema)

Registers all tools including 'shell_whereis' (from 'shell.whereis' via replace('shell.', 'shell_')) and defines the input schema for arguments array.

server.setRequestHandler(ListToolsRequestSchema, async () => {
  const tools = Object.entries(allowedCommands).map(([name, config]) => ({
    name: name.replace('shell.', 'shell_'),  // Replace shell. with shell_
    description: config.description,
    inputSchema: {
      type: "object",
      properties: {
        args: {
          type: "array",
          items: { type: "string" },
          description: "Command arguments"
        }
      }
    }
  }));
  return { tools };
});

src/config/allowlist.ts:189-199 (registration)

Configuration entry for 'shell.whereis' command that maps to the MCP tool 'shell_whereis', specifying the executable, description, allowed arguments, and timeout.

'shell.whereis': {
  command: 'whereis',
  description: 'Locate the binary, source, and manual page files for a command',
  allowedArgs: [
    '-b',  // 只搜索二進制文件
    '-m',  // 只搜索手冊頁
    '-s',  // 只搜索源代碼
    '*'    // 允許任何命令名稱作為參數
  ],
  timeout: 3000
}

src/core/executor.ts:31-121 (helper)

Core execution logic that spawns the 'whereis' process with given arguments for the shell_whereis tool, handles streams, caching, security, and timeouts.

async execute(
  command: string,
  args: string[] = [],
  options: ExecuteOptions = {}
): Promise<{ stdout: Readable }> {
  const commandKey = `${command} ${args.join(' ')}`;
  
  try {
    // Check security
    await this.securityChecker.validateCommand(command, args, options);

    // Check cache
    const cached = this.cache.get(commandKey);
    if (cached) {
      this.logger.debug('Using cached command result', { command, args });
      return this.createStreamFromCache(cached);
    }

    // Remove 'shell.' prefix for execution
    const baseCommand = command.replace('shell.', '');

    // Execute command
    this.logger.debug('Starting command execution', { command, args, options });
    const childProcess = spawn(baseCommand, args, {
      stdio: ['ignore', 'pipe', 'pipe'],
      timeout: options.timeout,
      cwd: options.cwd,
      env: {
        ...process.env,
        ...options.env
      },
      signal: options.signal
    });

    this.currentProcess = childProcess;

    // Error handling
    childProcess.on('error', (error: Error) => {
      this.logger.error('Command execution error', {
        command,
        args,
        error: error.message
      });
      throw new ToolError(
        'PROCESS_ERROR',
        'Command execution error',
        { command, args, error: error.message }
      );
    });

    // Timeout handling
    if (options.timeout) {
      setTimeout(() => {
        if (childProcess.exitCode === null) {
          this.logger.warn('Command execution timeout', {
            command,
            args,
            timeout: options.timeout
          });
          childProcess.kill();
          throw new ToolError(
            'TIMEOUT',
            'Command execution timeout',
            { command, args, timeout: options.timeout }
          );
        }
      }, options.timeout);
    }

    if (!childProcess.stdout) {
      throw new ToolError(
        'STREAM_ERROR',
        'Unable to get command output stream',
        { command, args }
      );
    }

    // Monitor process status
    childProcess.on('exit', (code, signal) => {
      this.logger.debug('Command execution completed', {
        command,
        args,
        exitCode: code,
        signal
      });
    });

    return {
      stdout: childProcess.stdout
    };

Tool Definition Quality

B3.2/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It states what the tool does but lacks details on behavioral traits such as error handling, output format, performance characteristics, or system dependencies. For a tool that queries system resources, this omission is significant and leaves the agent with incomplete operational understanding.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence that front-loads the core functionality without unnecessary elaboration. Every word contributes directly to understanding the tool's purpose, making it appropriately sized and structured for quick comprehension.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the lack of annotations and output schema, the description is incomplete for a tool that interacts with system commands. It does not address potential complexities such as return formats, error conditions, or platform-specific behaviors. For a tool with no structured behavioral data, the description should provide more context to ensure reliable agent usage.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The schema description coverage is 100%, with the parameter 'args' documented as 'Command arguments'. The description does not add meaning beyond this, as it does not explain what constitutes valid arguments or provide examples. Given the high schema coverage, the baseline score of 3 is appropriate, as the schema handles the parameter documentation adequately.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose with specific verbs ('locate') and resources ('binary, source, and manual page files for a command'), distinguishing it from sibling tools that perform different operations like file viewing (shell_cat), system monitoring (shell_ps), or network queries (shell_dig). It precisely communicates what the tool does without being vague or tautological.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It does not mention any prerequisites, exclusions, or specific contexts for usage, nor does it reference sibling tools that might serve similar purposes. This leaves the agent without explicit direction on appropriate application scenarios.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/kevinwatt/shell-mcp'

If you have feedback or need assistance with the MCP directory API, please join our Discord server