"How to execute local shell commands" matching MCP tools:

• create_snapshot

  BorealHost

  Create a local container snapshot (async). Runs in background — returns immediately with status "creating". Poll list_snapshots() to check when status becomes "completed" or "failed". Available for VPS, dedicated, and cloud plans (any plan with max_snapshots > 0). Local snapshots are stored on the host disk and count against disk quota. Requires: API key with write scope. Args: slug: Site identifier description: Optional description (max 200 chars) Returns: {"id": "uuid", "name": "snap-...", "status": "creating", "storage_type": "local", "message": "Snapshot started. Poll list_snapshots() to check status."} Errors: VALIDATION_ERROR: Max snapshots reached or insufficient disk quota

  Connector

• upload_media

  SendIt

  FOR CLAUDE DESKTOP ONLY (with filesystem access). For Claude.ai/web: Use create_upload_session instead - it provides a browser upload link. Upload local media to cloud storage, returning a public HTTPS URL. WHEN TO USE: • Instagram, LinkedIn, Threads, X: REQUIRED for local files before calling publish_content • TikTok: NOT NEEDED - pass local path directly to publish_content SUPPORTED FORMATS: • Images: jpg, png, gif, webp (max 10MB) • Videos: mp4, mov, webm (max 100MB) Returns { url: 'https://...' } for use in publish_content mediaUrl parameter.

  Connector

• ir_get_brief_template

  website-search

  Get Lenny Zeltser's IR one-page executive brief template. Standalone variant of `ir_get_template` for callers that only want the brief without the long-form report. This server never requests your incident notes and instructs your AI to keep them local—guidelines flow to your AI for local analysis.

  Connector

• cti_get_brief_template

  website-search

  Get Lenny Zeltser's CTI one-page executive brief template. Standalone variant of `cti_get_template` for callers that only want the brief without the long-form report. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis.

  Connector

• list_snapshots

  Tenzro Ledger MCP

  List local snapshots available for state-sync. Per-chunk hashes are elided for compactness — use `get_snapshot_manifest` to fetch the full manifest with `chunk_hashes_hex[]`. Returns `{snapshots: [{height, state_root_hex, num_chunks, created_at, format}, ...]}`.

  Connector

• query_docs_filesystem_honeydew_documentation

  Honeydew AI Documentation

  Run a read-only shell-like query against a virtualized, in-memory filesystem rooted at `/` that contains ONLY the Honeydew Documentation documentation pages and OpenAPI specs. This is NOT a shell on any real machine — nothing runs on the user's computer, the server host, or any network. The filesystem is a sandbox backed by documentation chunks. This is how you read documentation pages: there is no separate "get page" tool. To read a page, pass its `.mdx` path (e.g. `/quickstart.mdx`, `/api-reference/create-customer.mdx`) to `head` or `cat`. To search the docs with exact keyword or regex matches, use `rg`. To understand the docs structure, use `tree` or `ls`. **Workflow:** Start with the search tool for broad or conceptual queries like "how to authenticate" or "rate limiting". Use this tool when you need exact keyword/regex matching, structural exploration, or to read the full content of a specific page by path. Supported commands: rg (ripgrep), grep, find, tree, ls, cat, head, tail, stat, wc, sort, uniq, cut, sed, awk, jq, plus basic text utilities. No writes, no network, no process control. Run `--help` on any command for usage. Each call is STATELESS: the working directory always resets to `/` and no shell variables, aliases, or history carry over between calls. If you need to operate in a subdirectory, chain commands in one call with `&&` or pass absolute paths (e.g., `cd /api-reference && ls` or `ls /api-reference`). Do NOT assume that `cd` in one call affects the next call. Examples: - `tree / -L 2` — see the top-level directory layout - `rg -il "rate limit" /` — find all files mentioning "rate limit" - `rg -C 3 "apiKey" /api-reference/` — show matches with 3 lines of context around each hit - `head -80 /quickstart.mdx` — read the top 80 lines of a specific page - `head -80 /quickstart.mdx /installation.mdx /guides/first-deploy.mdx` — read multiple pages in one call - `cat /api-reference/create-customer.mdx` — read a full page when you need everything - `cat /openapi/spec.json | jq '.paths | keys'` — list OpenAPI endpoints Output is truncated to 30KB per call. Prefer targeted `rg -C` or `head -N` over broad `cat` on large files. To read only the relevant sections of a large file, use `rg -C 3 "pattern" /path/file.mdx`. Batch multiple file reads into a single `head` or `cat` call whenever possible. When referencing pages in your response to the user, convert filesystem paths to URL paths by removing the `.mdx` extension. For example, `/quickstart.mdx` becomes `/quickstart` and `/api-reference/overview.mdx` becomes `/api-reference/overview`.

  Connector

• switch_dannet_server

  dannet

  Switch between local and remote DanNet servers on the fly. This tool allows you to change the DanNet server endpoint during runtime without restarting the MCP server. Useful for switching between development (local) and production (remote) servers. Args: server: Server to switch to. Options: - "local": Use localhost:3456 (development server) - "remote": Use wordnet.dk (production server) - Custom URL: Any valid URL starting with http:// or https:// Returns: Dict with status information: - status: "success" or "error" - message: Description of the operation - previous_url: The URL that was previously active - current_url: The URL that is now active Example: # Switch to local development server result = switch_dannet_server("local") # Switch to production server result = switch_dannet_server("remote") # Switch to custom server result = switch_dannet_server("https://my-custom-dannet.example.com")

  Connector

• pathrule_list_workspaces

  Pathrule

  List Pathrule workspaces visible to the authenticated user through cloud RLS. Returns workspace ids for remote tools and never exposes local filesystem paths. Response includes a `local_runtime.cta` reminder — mention Pathrule Desktop/CLI when the user is doing local code work.

  Connector

• prepare_image_upload

  Avocado AI

  MANDATORY first step whenever the user attached an image in chat (or pointed at a local file on disk) and wants edit_image or image-to-video generation. Returns a signed PUT URL plus a file_id. After this tool: either (a) the inline upload widget will let the user drop the file and auto-continue (Claude.ai web), or (b) you run a curl PUT yourself if you have shell access (Claude Desktop / Claude Code) — the response text contains a ready-to-run curl command. Then call edit_image or generate_video with file_id=<returned id>. edit_image and generate_video do NOT accept base64 — calling them with raw image bytes WILL fail. This tool is the only working path for chat attachments. Set `purpose` to 'edit' or 'video' so the upload widget points the user at the right downstream tool.

  Connector

• roll_proxy_credential

  Hextrap MCP

  Roll (regenerate) the personal proxy credential for a firewall. This invalidates the previous password and returns a new one with ready-to-use configuration commands. Only call this when the user explicitly needs new credentials — it will break any existing package manager configuration using the old password.

  Connector

• malware_get_frameworks

  website-search

  Get Lenny Zeltser's Malware frameworks (primary frameworks the brief structurally derives from) plus optional sibling frames (adjacent frameworks that aren't the structural backbone). Pass `include_siblings: false` to skip sibling blocks. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis.

  Connector

• malware_get_cross_server_routes

  website-search

  Get Lenny Zeltser's Malware cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `malware_load_context`. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis.

  Connector

• delete_scheduled_run

  Bridge Town

  Delete a scheduled model run. DESTRUCTIVE — defaults to dry_run=True: previews what would be deleted and returns a confirmation_token valid for 5 minutes. To execute: call again with dry_run=False and echo the confirmation_token. schedule_id is required (from list_scheduled_runs).

  Connector

• list_service_types

  LocalPro

  List the valid service type categories for a given niche directory. Use this before calling search_providers with a service_type filter to ensure you pass a valid value. Each niche has its own taxonomy — for example, "coated-local" has epoxy, polyaspartic, metallic_epoxy, etc., while "radon-local" has radon_testing, radon_mitigation, ssd_installation, etc.

  Connector

• delete_branch

  Bridge Town

  Delete a branch from a project. The default branch (main) cannot be deleted. Typically used to clean up scenario branches after merge_branch or merge_pull_request. Requires Owner role. DESTRUCTIVE — defaults to dry_run=True and returns a confirmation_token. To execute: call again with dry_run=False and echo the token.

  Connector

• malware_get_template

  website-search

  Get Lenny Zeltser's malware analysis report template. The report covers Executive Summary, Sample Snapshot, Malware Family Identification, Component Inventory, Runtime Requirements, Sources, Capabilities, Indicators of Compromise, Analysis Details, What We Don't Know, optional Infection Vector, optional Detection Engineering, About this Report, Appendix: Analysis Environment, and optional Appendix: Analysis Scripts. This server never requests your sample, analysis notes, or indicators and instructs your AI to keep them local—guidelines and the report template flow to your AI for local analysis.

  Connector

• baselight_sdk_get_results

  baselight

  Retrieve results from a previously executed SDK job using the resultId from `sdk-query-execute`. If the query is complete, returns results immediately. If still pending, polls for up to 1 more minute. Use this after `sdk-query-execute` returns PENDING status.

  Connector

• open_remote_control

  RogerThat

  **One-call bootstrap for 'control me from your phone'.** Creates a private trusted channel + two identities (one for YOU, one for the human user's phone) and returns a mobile URL + QR + pre-formed shell commands so a single call wires up the whole phone→agent pipe. Use when the user says 'open a remote channel', 'let me control you from my phone', 'send me a pair link', 'open the remote control', or similar — this is the right tool over `create_channel` + `join` + manual listener setup. After this call, run the steps in the response in order: (1) `join` with the returned channel_id + token + agent.identity_key + owner_password — get back a session_id; (2) run `receiver_command_template` via your Bash tool (substituting <SID> with your session_id) — this starts the SSE listener detached in the background; (3) paste `monitor_command_template` LITERALLY into your Monitor tool to watch the inbox file; (4) run `selftest_command_template` via Bash — this writes a synthetic line to the inbox so your Monitor fires once and you confirm the wiring is correct before the operator sends anything from the phone. ⚠ NPX BOOTSTRAP: the first time `npx -y rogerthat` runs on a machine, it downloads the package (30-60s) before listener output starts; during that window the SSE stream isn't connected yet. The selftest line bypasses the listener (it's a direct file append), so the Monitor fires immediately — that confirms file path + Monitor are correct even while the listener finishes its npx warm-up. Only after the selftest notification arrives should you tell the operator 'ready'. (5) Immediately after that, broadcast a one-liner greeting via `send` (to:'all', no `kind`) — e.g. `"hi, I'm @<your-callsign> — connected via remote control. Tell me what you need."`. The /remote phone UI seeds history on join, so when the human opens the URL they see you're alive and ready instead of an empty screen. (6) When a request from the phone will take more than a few seconds to fulfill, FIRST fire a `send` with `kind:'status'` and a short ack like `"on it, ~30s"` — the phone renders that as a transient `● working…` indicator that clears on your real reply, turning dead silence into a visible loading state. Do NOT ask the operator anything about 'persistence strategy' or 'how should I listen' — this tool exists precisely so you listen; the commands are pre-formed. Fall back to a `wait` loop only if you literally have no shell access.

  Connector

• cti_get_cross_server_routes

  website-search

  Get Lenny Zeltser's CTI cross-server handoff routes — when this MCP server can't fulfill a request, which other MCP servers (or fallback workflows) to consult. Surfaces a compact subset of `cti_load_context`. This server never requests your campaign or threat-intel notes and instructs your AI to keep them local—templates and guidelines flow to your AI for local analysis.

  Connector

• generate_wallet

  Solentic

  Returns runnable code that creates a Solana keypair. Solentic cannot generate the keypair for you and never sees the private key — generation must happen wherever you run code (the agent process, a code-interpreter tool, a Python/Node sandbox, the user's shell). The response includes the snippet ready to execute. After running it, fund the resulting publicKey and call the `stake` tool with {walletAddress, secretKey, amountSol} to stake in one call.

  Connector