SSH MCP

ubuntu_update_packages

Update Ubuntu system packages via SSH connection, with options for security-only updates, package upgrades, and cleanup of unused dependencies.

Instructions

Update system packages on Ubuntu

Input Schema

TableJSON Schema

Name	Required	Description
`connectionId`	Yes	ID of an active SSH connection
`securityOnly`	No	Whether to update only security packages (default: false)
`upgrade`	No	Whether to upgrade packages after update (default: true)
`autoremove`	No	Whether to remove unused packages after update (default: false)
`sudo`	No	Whether to run the command with sudo (default: true)

Implementation Reference

src/ubuntu-website-tools.ts:132-182 (handler)

The main execution handler for the 'ubuntu_update_packages' tool. It connects to the SSH server, builds and executes apt update/upgrade commands based on parameters like securityOnly, upgrade, autoremove, and sudo.

async ubuntu_update_packages(params) {
  const { connectionId, securityOnly = false, upgrade = true, autoremove = false, sudo = true } = params;
  
  try {
    const conn = getConnection(connectionMap, connectionId);
    const sudoPrefix = sudo ? 'sudo ' : '';
    
    // Build the update command
    let commands = [];
    
    // Always update package lists first
    if (securityOnly) {
      commands.push(`${sudoPrefix}apt-get update -o Dir::Etc::SourceList=/etc/apt/security.sources.list`);
    } else {
      commands.push(`${sudoPrefix}apt-get update`);
    }
    
    // Upgrade if requested
    if (upgrade) {
      if (securityOnly) {
        commands.push(`${sudoPrefix}apt-get upgrade -s | grep "^Inst" | grep -i security | awk '{print $2}' | xargs ${sudoPrefix}apt-get install -y`);
      } else {
        commands.push(`${sudoPrefix}apt-get upgrade -y`);
      }
    }
    
    // Auto-remove if requested
    if (autoremove) {
      commands.push(`${sudoPrefix}apt-get autoremove -y`);
    }
    
    // Execute all commands in sequence and collect results
    let output = '';
    for (const cmd of commands) {
      const result = await executeSSHCommand(conn, cmd, 300000); // 5-minute timeout for upgrades
      output += `Command: ${cmd}\nExit code: ${result.code}\nOutput:\n${result.stdout || result.stderr}\n\n`;
    }
    
    return {
      content: [{
        type: 'text',
        text: `Package update completed.\n\n${output}`
      }]
    };
  } catch (error: any) {
    return {
      content: [{ type: 'text', text: `Package update error: ${error.message}` }],
      isError: true
    };
  }
},

src/ubuntu-website-tools.ts:538-566 (schema)

The input schema and description for the 'ubuntu_update_packages' tool, defining parameters and validation.

ubuntu_update_packages: {
  description: 'Update system packages on Ubuntu',
  inputSchema: {
    type: 'object',
    properties: {
      connectionId: {
        type: 'string',
        description: 'ID of an active SSH connection'
      },
      securityOnly: {
        type: 'boolean',
        description: 'Whether to update only security packages (default: false)'
      },
      upgrade: {
        type: 'boolean',
        description: 'Whether to upgrade packages after update (default: true)'
      },
      autoremove: {
        type: 'boolean',
        description: 'Whether to remove unused packages after update (default: false)'
      },
      sudo: {
        type: 'boolean',
        description: 'Whether to run the command with sudo (default: true)'
      }
    },
    required: ['connectionId']
  }
},

src/index.ts:293-296 (registration)
Registration/dispatch logic in the main CallToolRequestSchema handler that routes 'ubuntu_update_packages' calls to the specific ubuntuToolHandlers function.
```
// Handle Ubuntu tools directly
if (toolName.startsWith('ubuntu_') && ubuntuToolHandlers[toolName]) {
  return ubuntuToolHandlers[toolName](request.params.arguments);
}
```
src/index.ts:179-179 (registration)
Call to addUbuntuTools which initializes Ubuntu tools including overriding ListTools to expose 'ubuntu_update_packages' schema.
```
addUbuntuTools(this.server, this.connections);
```

src/ubuntu-website-tools.ts:18-58 (helper)

Shared utility function executeSSHCommand used by the ubuntu_update_packages handler to run APT commands over SSH.

async function executeSSHCommand(conn: Client, command: string, timeout = 60000): Promise<{
  code: number;
  signal: string;
  stdout: string;
  stderr: string;
}> {
  return new Promise((resolve, reject) => {
    // Set up timeout
    const timeoutId = setTimeout(() => {
      reject(new Error(`Command execution timed out after ${timeout}ms`));
    }, timeout);
    
    conn.exec(command, {}, (err: Error | undefined, stream: any) => {
      if (err) {
        clearTimeout(timeoutId);
        return reject(new Error(`Failed to execute command: ${err.message}`));
      }
      
      let stdout = '';
      let stderr = '';
      
      stream.on('close', (code: number, signal: string) => {
        clearTimeout(timeoutId);
        resolve({
          code,
          signal,
          stdout: stdout.trim(),
          stderr: stderr.trim()
        });
      });
      
      stream.on('data', (data: Buffer) => {
        stdout += data.toString();
      });
      
      stream.stderr.on('data', (data: Buffer) => {
        stderr += data.toString();
      });
    });
  });
}

Tool Definition Quality

C2.9/5.0

Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. 'Update system packages' implies a system modification, but the description doesn't disclose that this requires elevated privileges (sudo), may require user confirmation, could break dependencies, or has potential side effects. It mentions none of the behavioral traits that would help an agent understand the operation's impact.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient sentence with zero wasted words. It's appropriately sized for a tool with comprehensive schema documentation. Every word earns its place by clearly stating the core functionality without unnecessary elaboration.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a system modification tool with 5 parameters, no annotations, and no output schema, the description is inadequate. It doesn't explain what 'update' entails (apt update vs apt upgrade), doesn't mention typical use cases, doesn't warn about potential system impacts, and provides no information about return values or error conditions. The agent would need to infer too much from the sparse description.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all 5 parameters thoroughly. The description adds no parameter-specific information beyond what's in the schema. It doesn't explain the relationship between parameters (e.g., how securityOnly interacts with upgrade) or provide usage examples. Baseline 3 is appropriate when schema does the heavy lifting.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description 'Update system packages on Ubuntu' clearly states the action (update) and resource (system packages on Ubuntu). It distinguishes from sibling tools like ubuntu_nginx_control or ubuntu_ufw_firewall by focusing on package management rather than service control or firewall configuration. However, it doesn't explicitly differentiate from generic ssh_exec which could also run update commands.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines2/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites like needing an active SSH connection, nor does it explain when to use this specialized tool versus the more general ssh_exec tool. There's no context about typical update scenarios or limitations.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Latest Blog Posts

Tool Definition Quality Score (TDQS)
By punkpeye on April 3, 2026.
mcp
The Hackers Who Tracked My Sleep Cycle
By punkpeye on March 26, 2026.
security
Open Source Has a Bot Problem
By punkpeye on March 19, 2026.
open source

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/mixelpixx/SSH-MCP'

If you have feedback or need assistance with the MCP directory API, please join our Discord server