"Bash shell scripting and command line resources" matching MCP tools:

• check_injection

  ContrastAPI

  Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored.

  Connector

• setup_agent_fleet

  mcp

  Complete one-shot setup: validates prerequisites, creates a controller VM + worker VMs, auto-creates a public HTTPS URL on port 7070, seeds a starter ROADMAP.md into the repo if absent, and returns the trigger token. Call this when a user says 'set up autocoding agents for my repo' or 'I want agents to work on my codebase'. HOW THE AGENT WORKS: each worker runs Claude Code inside the repo, implements one task, runs the test suite, and opens a pull request. It excels at focused, single-PR, testable units of work — add an endpoint, write tests for a module, fix a specific bug, add a UI page — and is poor at vague/large tasks, design decisions, or anything needing external credentials. TASK FORMAT (strict, one line each): `- [ ] **Title** — short description *(agent-ready)*` — the `- [ ]` checkbox, `**bold title**`, ` — ` separator, and `*(agent-ready)*` are ALL required; `##` headings and plain bullets are ignored. After this returns, the user needs to: (1) authorize the fleet by running the authorize.sh one-liner it returns (it runs `claude setup-token` for a long-lived token installed on the controller) — agents use the user's existing Claude Max/Pro subscription, NOT an API key. This is a shell command the USER runs in their own terminal; do NOT try to read or push the user's credentials yourself. The controller takes ~7 min to boot, so PREFER to poll get_agent_status until it reports the controller is reachable and present the authorize command only once it's ready — that way the user doesn't run it into a long wait. (The command also waits on its own, showing a live progress counter, so a user who runs it early is fine too.) (2) add well-scoped tasks in the format above to ROADMAP.md; (3) call trigger_agent_batch.

  Connector

• read_resource

  UK Legal Research

  Read a resource by its URI. For static resources, provide the exact URI. For templated resources, provide the URI with template parameters filled in. Returns the resource content as a string. Binary content is base64-encoded.

  Connector

• prepare_image_upload

  Avocado AI

  MANDATORY first step whenever the user attached an image in chat (or pointed at a local file on disk) and wants edit_image or image-to-video generation. Returns a signed PUT URL plus a file_id. After this tool: either (a) the inline upload widget will let the user drop the file and auto-continue (Claude.ai web), or (b) you run a curl PUT yourself if you have shell access (Claude Desktop / Claude Code) — the response text contains a ready-to-run curl command. Then call edit_image or generate_video with file_id=<returned id>. edit_image and generate_video do NOT accept base64 — calling them with raw image bytes WILL fail. This tool is the only working path for chat attachments. Set `purpose` to 'edit' or 'video' so the upload widget points the user at the right downstream tool.

  Connector

• chieflab_status

  ChiefLab

  SESSION-RECOVERY · FIRST CALL when a session starts and the user mentions launch / users / growth / customers / metrics / revenue / marketing / what next / shipping. Returns a command-center bootCard with `headline`, `priority`, `cards[]` (each carries kind + label + literal user command + runHandle), and `next` (the one-line prompt). Aggregates: pending approvals + ripe measurements + new engagement + queued prospects + recent launches + manual-publish-pending actions. ChiefLab is stateful and re-summonable — even if the conversation was lost, the IDE was switched, or the runId was forgotten, this call recovers the workspace business state. If the user asked to launch the CURRENT repo, compare boot cards to currentRepoContext/projectName; if the open loop is unrelated, start a fresh launch instead of resuming stale work.

  Connector

• delete_cron

  BorealHost

  Delete a cron job by line number. Get line numbers from list_cron(). Requires: API key with write scope. Args: slug: Site identifier line_number: Line number of the cron entry to delete Returns: {"deleted": true}

  Connector

• executive_comp_peer_benchmark

  gapup-mcp

  As a Chief Human Resources Officer (CHRO), benchmark executive compensation packages against peer companies using public SEC filings and private compensation data from Equilar and Bloomberg. Inputs include executive name, title, company ticker, and peer group criteria. Outputs structured compensation metrics (base salary, bonus, equity, total compensation) with source attribution and confidence scores.

  Connector

• dataset_details

  Opendata Swiss

  Full metadata for one dataset (CKAN package_show) including its resources/distributions with download URLs. Use a dataset `name` (slug) or id from search_datasets. There is no datastore, so fetch `resources[].download_url`/`url` for the underlying data.

  Connector

• lookup_authoring_skill

  kernelcad

  Return the kernelcad-authoring SKILL.md body — conventions for writing .kcad.ts scripts (imports, parameters, evaluation contract, common pitfalls). Use this tool BEFORE generating CAD code if your MCP client does not list resources. Clients that do list resources should instead read `kernelcad://skills/authoring` directly — the contents are identical. INPUT: none. OUTPUT: { uri, mimeType, text } where `text` is the SKILL.md body.

  Connector

• compare_translations

  Tripitaka MCP (hosted)

  Compare every available translation for a single segment. 💡 **Use this tool when:** - The user asks about the meaning/translation of a single Pāli line and wants to see multiple translators side-by-side. - Checking how different translators interpret the same line — technical terms like `dukkha`, `anattā`, `nibbāna` carry nuance that varies across translations. - Academic work that needs to quote multiple translations. 🔍 **vs `get_sutta`:** this tool targets a **single segment** (line level); `get_sutta` returns the **whole sutta**. To compare a whole sutta you'd call `compare_translations` for each segment. 📋 **segment_id format:** `<sutta_id>:<paragraph>.<line>`, e.g. `mn1:171.4` (Mūlapariyāyasutta paragraph 171 line 4 — "Nandī dukkhassa mūlaṁ"). Find segment_ids via `get_sutta` or search results. ⚠️ **Current state:** the `translation` table is mostly empty (the DB only loads default Pāli + English from bilara). `total_editions` is usually 0; `text_pali` and `text_english` are always populated. Thai editions will be added later.

  Connector

• transit_status

  dynamic-feed

  Live transit service alerts & line status from connected GTFS-RT transit feeds — answer "is my line/service disrupted right now?". Coverage varies by agency as feeds are wired in; lines or services with an active alert are listed first. Use `only_issues=true` to cut to active disruptions. Args: query: match a line/system/description (e.g. "victoria", "detour"). system: filter by transit system/agency. city: filter by city. only_issues: only lines/services with an active alert. limit: max results. Envelope: this is a live transit probe, so measured_at = when WE last aggregated the freshest returned line (each row's `updated_at`); max_age 30 min covers the 15-min refresh slot, so a current board reads "live". An empty result (no matching line) yields unavailable.

  Connector

• save_kb_card

  fixflow

  WRITE to the Knowledge Base. This tool has TWO modes: **MODE 1 — SAVE a new card**: Provide `content` with full Markdown following the ACTIONABLE schema below. **MODE 2 — REPORT OUTCOME**: Provide `kb_id` + `outcome` ('success' or 'failure'). WHEN TO USE: - Mode 1: After successfully fixing a bug IF no existing KB card covered it. - Mode 2: ALWAYS after applying a solution from `read_kb_doc` and running verification. INPUT: - `content`: (Mode 1) Full Markdown KB card content — follow the EXACT template below. - `overwrite`: (Mode 1) Set to True to update an existing card. - `kb_id`: (Mode 2) ID of the card to report outcome for. - `outcome`: (Mode 2) 'success' or 'failure'. - `enrichment`: (Mode 2, optional) Additional context to merge into the card when outcome is 'failure'. ━━━ CARD TEMPLATE (Mode 1) — copy this structure EXACTLY ━━━ ``` --- kb_id: "[PLATFORM]_[CATEGORY]_[NUMBER]" # e.g. WIN_TERM_001, CROSS_DOCKER_002 title: "[Short Title — max 5 words]" category: "[terminal|devops|supabase|fastmcp|network|database|...]" platform: "[windows|linux|macos|cross-platform]" technologies: [tech1, tech2] complexity: [1-10] criticality: "[low|medium|high|critical]" created: "[YYYY-MM-DD]" tags: [tag1, tag2, tag3] related_kb: [] --- # [Short Title — max 5 words] > **TL;DR**: [One sentence — what's the problem + solution] > **Fix Time**: ~[X min] | **Platform**: [Windows/Linux/macOS/All] --- ## 🔍 This Is Your Problem If: - [ ] [Symptom 1 — specific symptom or error message] - [ ] [Symptom 2 — specific error code or log line] - [ ] [Symptom 3 — environment/version condition] **Where to Check**: [console / logs / env / task manager / etc.] --- ## ✅ SOLUTION (copy-paste) ### 🎯 Integration Pattern: [Global Scope] / [Inside Init] / [Event Handler] ```[language] # [One-line comment — what this code does] [depersonalized code WITHOUT specific paths, use __VAR__ for things to replace] ``` ### ⚡ Critical (won't work without this): - ✓ **[Critical Point 1]** — [why it's essential] - ✓ **[Critical Point 2]** — [common mistake to avoid] ### 📌 Versions: - **Works**: [OS/library versions where confirmed working] - **Doesn't Work**: [OS/library versions where known broken] --- ## ✔️ Verification (<30 sec) ```bash [single command to verify the fix worked] ``` **Expected**: ✓ [Specific output or behavior that confirms success] **If it didn't work** → see Fallback below ⤵ --- ## 🔄 Fallback (if main solution failed) ### Option 1: [approach name] ```bash [command] ``` **When**: [condition to use this option] | **Risks**: [what might break] ### Option 2: [alternative approach] ```bash [command] ``` **When**: [condition] | **Risks**: [what might break] --- ## 💡 Context (optional) **Root Cause**: [1 sentence — why this problem occurs] **Side Effects**: [what might change after applying the fix] **Best Practice**: [how to avoid this in future — 1 point] **Anti-Pattern**: ✗ [what NOT to do — common mistake] --- **Applicable**: [OS, library versions, conditions] **Frequency**: [rare / common / very common] ``` ━━━ END OF TEMPLATE ━━━ RULES for ACTIONABLE cards: 1. Solution FIRST — after diagnosis, code immediately 2. Depersonalize — no names, project names, or absolute paths 3. Use `__VAR__` markers for anything the user must replace 4. One Verification command, result visible in <30 sec 5. Fallback — 1-2 options max, always include When/Risks 6. Context at End — WHY is optional reading for curious agents

  Connector

• usaspending_search_federal_accounts

  usaspending-mcp-server

  List and keyword-search federal accounts by agency identifier or title keyword. Returns account numbers, names, managing agencies, and budgetary resources. Use account_number from results as input to usaspending_get_federal_account for full budget detail. Use usaspending_list_agencies to look up agency_identifier codes (3-digit strings, e.g. "097" for DoD).

  Connector

• get_install_command

  Uploadkit

  Return the exact shell command to install UploadKit packages for a given package manager. When to use: before asking the user to add dependencies — match their package manager (detect from the presence of pnpm-lock.yaml / package-lock.json / yarn.lock / bun.lockb if you can, otherwise ask or default to pnpm). Saves you from guessing pnpm vs npm vs yarn vs bun syntax. Returns: a plain-text shell command as a single string (e.g. "pnpm add @uploadkitdev/react @uploadkitdev/next"). Read-only, idempotent, never modifies anything.

  Connector

• get_site_status

  BorealHost

  Get detailed status of a hosted site including resources, domains, and modules. Requires: API key with read scope. Args: slug: Site identifier (the slug chosen during checkout) Returns: {"slug": "my-site", "plan": "site_starter", "status": "active", "domains": ["my-site.borealhost.ai"], "modules": {...}, "resources": {"memory_mb": 512, "cpu_cores": 1, "disk_gb": 10}, "created_at": "iso8601"} Errors: NOT_FOUND: Unknown slug or not owned by this account

  Connector

• memory_insert

  emem — Earth memory protocol

  Insert `new_str` after the given 1-indexed line in the named memory file. `insert_line: 0` inserts at the top. Writes a new `file_cid` and signs the receipt. Mirrors the `insert` verb in Anthropic's context-management-2025-06-27 memory tool spec. When to use: Call when the LLM wants to append a new line to a memory file without rewriting it. For top-of-file inserts, pass `insert_line: 0`; for end-of-file, pass the current line count (the responder rejects out-of-range with a typed error).

  Connector

• review

  invinoveritas

  Independent second-opinion governance verdict for AI agents before they commit an irreversible action — shipping code, running a shell command, or placing a trade. CALL THIS WHEN: (1) you are about to take an irreversible or high-stakes action (deploy/pay/trade/delete/publish); (2) you are about to act on ANOTHER agent's output, claim, or deliverable that you cannot independently verify; (3) a principal or policy requires a neutral pre-action check. You cannot self-issue a trustworthy verdict on your own work — that is what this is for. Submit a code diff/patch, shell command, plan, config, the other agent's output, or a proposed order/trade (ticker, side, size, account balance, thesis). Returns a structured verdict (approve / approve_with_concerns / reject), issues ranked by severity, suggested fixes, and alternatives — proceed only on a non-reject verdict. Capital-scale-aware. Model-agnostic. Built and dogfooded daily by our own autonomous fleet (the gate our live Bitcoin bot passes on every entry).

  Connector

• check_secrets

  ContrastAPI

  Scan source code (or snippet) for hardcoded secrets — cloud provider keys, API tokens, connection strings, private keys, passwords. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect leaked credentials before commit; for injection detection use check_injection. Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored. The generic password-assignment rule is suppressed when a more-specific credential rule fires on the same line — one targeted finding per leaked secret, not two.

  Connector

• build_permission_transaction

  powersun-tron-mcp

  Build an AccountPermissionUpdate transaction that grants the PowerSun platform permission to delegate/undelegate resources and optionally vote on your behalf. Returns an unsigned transaction that you must sign with your private key and then broadcast using broadcast_signed_permission_tx. All existing account permissions are preserved. Requires authentication.

  Connector

• open_remote_control

  RogerThat

  **One-call bootstrap for 'control me from your phone'.** Creates a private trusted channel + two identities (one for YOU, one for the human user's phone) and returns a mobile URL + QR + pre-formed shell commands so a single call wires up the whole phone→agent pipe. Use when the user says 'open a remote channel', 'let me control you from my phone', 'send me a pair link', 'open the remote control', or similar — this is the right tool over `create_channel` + `join` + manual listener setup. After this call, run the steps in the response in order: (1) `join` with the returned channel_id + token + agent.identity_key + owner_password — get back a session_id; (2) run `receiver_command_template` via your Bash tool (substituting <SID> with your session_id) — this starts the SSE listener detached in the background; (3) paste `monitor_command_template` LITERALLY into your Monitor tool to watch the inbox file; (4) run `selftest_command_template` via Bash — this writes a synthetic line to the inbox so your Monitor fires once and you confirm the wiring is correct before the operator sends anything from the phone. ⚠ NPX BOOTSTRAP: the first time `npx -y rogerthat` runs on a machine, it downloads the package (30-60s) before listener output starts; during that window the SSE stream isn't connected yet. The selftest line bypasses the listener (it's a direct file append), so the Monitor fires immediately — that confirms file path + Monitor are correct even while the listener finishes its npx warm-up. Only after the selftest notification arrives should you tell the operator 'ready'. (5) Immediately after that, broadcast a one-liner greeting via `send` (to:'all', no `kind`) — e.g. `"hi, I'm @<your-callsign> — connected via remote control. Tell me what you need."`. The /remote phone UI seeds history on join, so when the human opens the URL they see you're alive and ready instead of an empty screen. (6) When a request from the phone will take more than a few seconds to fulfill, FIRST fire a `send` with `kind:'status'` and a short ack like `"on it, ~30s"` — the phone renders that as a transient `● working…` indicator that clears on your real reply, turning dead silence into a visible loading state. Do NOT ask the operator anything about 'persistence strategy' or 'how should I listen' — this tool exists precisely so you listen; the commands are pre-formed. Fall back to a `wait` loop only if you literally have no shell access.

  Connector