Command line interface for executing controlled CLI operations with robust security features including command whitelisting, path validation, and execution controls.

A secure Model Context Protocol (MCP) server implementation for executing controlled command-line operations with comprehensive security features.


Table of Contents

  1. Overview
  2. Features
  3. Configuration
  4. Available Tools
  5. Security Features
  6. Error Handling

Overview

This MCP server exposes command-line execution to an LLM client behind a whitelist of commands and flags, path validation against a single allowed directory, and execution controls (command length limit and timeout). It is intended for giving LLM applications narrowly scoped CLI access rather than an open shell.

Features

  • 🔒 Secure command execution with strict validation
  • ⚙️ Configurable command and flag whitelisting with 'all' option
  • 🛡️ Path traversal prevention and validation
  • 🚫 Shell operator injection protection
  • ⏱️ Execution timeouts and length limits
  • 📝 Detailed error reporting
  • 🔄 Async operation support
  • 🎯 Working directory restriction and validation

Configuration

Configure the server using environment variables:

| Variable | Description | Default |
|---------------------|------------------------------------------------------|-------------------|
| ALLOWED_DIR | Base directory for command execution (Required) | None (Required) |
| ALLOWED_COMMANDS | Comma-separated list of allowed commands or 'all' | ls,cat,pwd |
| ALLOWED_FLAGS | Comma-separated list of allowed flags or 'all' | -l,-a,--help |
| MAX_COMMAND_LENGTH | Maximum command string length | 1024 |
| COMMAND_TIMEOUT | Command execution timeout (seconds) | 30 |

Note: Setting ALLOWED_COMMANDS or ALLOWED_FLAGS to 'all' disables that whitelist entirely, allowing any command or any flag respectively. With ALLOWED_COMMANDS='all' the only remaining controls are path validation, the length limit, and the timeout, so treat 'all' as a development setting rather than a production one.

Available Tools

run_command

Executes a whitelisted CLI command with working directory and path arguments confined to ALLOWED_DIR.

Input Schema:

Security Notes:

  • Shell operators (&&, |, >, >>) are rejected rather than interpreted, so commands cannot be chained or redirected
  • Commands must be whitelisted unless ALLOWED_COMMANDS='all'
  • Flags must be whitelisted unless ALLOWED_FLAGS='all'
  • All paths are validated to be within ALLOWED_DIR

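The configuration table and the security notes above describe a set of checks (command and flag whitelists with the 'all' escape hatch, shell operator rejection, path confinement to ALLOWED_DIR with symlink resolution, a length limit, and a timeout) without showing how they fit together. The following Python is an added example, not the project's own code: a minimal policy object that reads the same environment variables with the same defaults, a validate() method applying each check in order, and a run_command() wrapper that executes without a shell. Its assumptions are labelled in comments; in particular, it treats every non-flag argument as a path, and the Policy, SHELL_OPERATORS, rejected() and demo() names are this example's own.

```python
import os
import shlex
import subprocess
import tempfile
from dataclasses import dataclass

# The command runs with shell=False, so any of these inside an argument is an injection attempt.
SHELL_OPERATORS = ("&", "|", ";", ">", "<", "`", "$(", "\n")


class CommandError(Exception): ...
class CommandSecurityError(CommandError): ...  # whitelist, flag or path violation
class CommandTimeoutError(CommandError): ...   # exceeded COMMAND_TIMEOUT


@dataclass
class Policy:
    allowed_dir: str
    allowed_commands: set
    allowed_flags: set
    max_command_length: int
    timeout: int

    @classmethod
    def from_env(cls, env=None):
        # Same variable names and defaults as the configuration table above.
        env = os.environ if env is None else env
        if "ALLOWED_DIR" not in env:
            raise CommandSecurityError("ALLOWED_DIR is required")
        return cls(os.path.realpath(env["ALLOWED_DIR"]),
                   set(env.get("ALLOWED_COMMANDS", "ls,cat,pwd").split(",")),
                   set(env.get("ALLOWED_FLAGS", "-l,-a,--help").split(",")),
                   int(env.get("MAX_COMMAND_LENGTH", "1024")),
                   int(env.get("COMMAND_TIMEOUT", "30")))

    def validate(self, command):
        """Return (program, args) if the command string passes every check."""
        if len(command) > self.max_command_length:
            raise CommandSecurityError("command exceeds MAX_COMMAND_LENGTH")
        try:
            parts = shlex.split(command)
        except ValueError as exc:
            raise CommandSecurityError(f"invalid command format: {exc}") from exc
        if not parts:
            raise CommandSecurityError("empty command")
        if any(op in tok for tok in parts for op in SHELL_OPERATORS):
            raise CommandSecurityError("shell operators are not allowed")
        program, args = parts[0], parts[1:]
        if "all" not in self.allowed_commands and program not in self.allowed_commands:
            raise CommandSecurityError(f"command not whitelisted: {program}")
        for arg in args:
            if arg.startswith("-"):
                if "all" not in self.allowed_flags and arg not in self.allowed_flags:
                    raise CommandSecurityError(f"flag not whitelisted: {arg}")
                continue
            # Assumption of this example: every non-flag argument is a path. realpath follows
            # symlinks, so a link pointing outside allowed_dir fails like "../" or an absolute path.
            target = os.path.realpath(os.path.join(self.allowed_dir, arg))
            if os.path.commonpath([self.allowed_dir, target]) != self.allowed_dir:
                raise CommandSecurityError(f"path escapes ALLOWED_DIR: {arg}")
        return program, args

    def run_command(self, command):
        # Validate first, then execute without a shell with cwd pinned to allowed_dir.
        program, args = self.validate(command)
        try:
            proc = subprocess.run([program, *args], cwd=self.allowed_dir,
                                  timeout=self.timeout, capture_output=True, text=True)
        except subprocess.TimeoutExpired as exc:
            raise CommandTimeoutError(f"timed out after {self.timeout}s") from exc
        return proc.returncode, proc.stdout, proc.stderr


def rejected(policy, command):
    try:
        policy.validate(command)
    except CommandSecurityError:
        return True
    return False


def demo():
    # Constructed sandbox: one readable file, then each class of violation from the notes above.
    sandbox = tempfile.mkdtemp()
    with open(os.path.join(sandbox, "notes.txt"), "w") as fh:
        fh.write("hello\n")
    policy = Policy.from_env({"ALLOWED_DIR": sandbox})
    results = {
        "cat_ok": policy.run_command("cat notes.txt")[1],
        "traversal": rejected(policy, "cat ../../etc/passwd"),
        "absolute": rejected(policy, "cat /etc/passwd"),
        "operator": rejected(policy, "ls notes.txt && rm notes.txt"),
        "command": rejected(policy, "rm notes.txt"),
        "flag": rejected(policy, "ls -R"),
        "too_long": rejected(policy, "ls " + "a" * 2000),
    }
    try:  # symlink inside the sandbox that points at its parent directory
        os.symlink(os.path.dirname(sandbox), os.path.join(sandbox, "escape"))
        results["symlink_escape"] = rejected(policy, "ls escape")
    except OSError:
        results["symlink_escape"] = None
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome!r}")
```

Two design points matter more than the individual checks. Validation happens on the parsed argument list, not on the raw string, and execution uses an argument list with no shell, so an operator that slips past the substring test still cannot be interpreted. And the path check compares resolved paths with os.path.commonpath rather than testing for a ".." substring, which is what makes the symlink case fail the same way as traversal.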
show_security_rules

Displays current security configuration and restrictions, including:

  • Working directory
  • Allowed commands
  • Allowed flags
  • Security limits (max command length and timeout)

Security Features

  • ✅ Command whitelist enforcement with 'all' option
  • ✅ Flag validation with 'all' option
  • ✅ Path traversal prevention and normalization
  • ✅ Shell operator blocking
  • ✅ Command length limits
  • ✅ Execution timeouts
  • ✅ Working directory restrictions
  • ✅ Symlink resolution and validation

Error Handling

The server provides detailed error messages for:

  • Security violations (CommandSecurityError)
  • Command timeouts (CommandTimeoutError)
  • Invalid command formats
  • Path security violations
  • Execution failures (CommandExecutionError)
  • General command errors (CommandError)

Server Statistics

License: MIT
Local: Yes
Published: 12/13/2024