73
/ 100
19 days ago
github_topic

mcp-shell-server

Secure MCP server for whitelisted shell command execution with stdin, argv pipelines, timeouts, and structured audit logging.

Is this your MCP?

Claim it to get a verified publisher badge, a free copy of our full audit findings, and direct contact for any high-priority issues we find.

Install from

M8ven verifies MCPs across every public registry — install directly from whichever one you prefer.

// key findings
No credential exfiltration, no sensitive file access, no obfuscation
Static analysis found nothing flowing your secrets to unexpected places.
Open source with a license and README
Anyone can audit the code, the license is declared, and the publisher documents what it does.
// required environment variables
This server reads these from process.env. You'll be asked to provide them before it can run.
configALLOW_COMMANDS"": "ls,cat,pwd,grep,wc,touch,find"
configALLOWED_COMMANDS"ls,cat,echo" uvx mcp-shell-server
configALLOW_PATTERNS"python[0-9.],node" # Command-name patterns only
configSHELL
// full audit trail
The full breakdown of what we checked, the deductions that landed, the network hosts, the dependency advisories, and concrete fix guidance is available to verified publishers.
// improvement guidance — verified publishers only
We have 1 concrete improvement we can share with the publisher of this MCP. Each comes with specific guidance to raise the trust score.
// embed badge in your README
[![M8ven Score](https://m8ven.ai/badge/mcp/tumf-mcp-shell-server-1vzavr)](https://m8ven.ai/mcp/tumf-mcp-shell-server-1vzavr)
commit: f33abdda014b6dddd43408ef8dbf8a230d2037b8
code hash: 03a1b5481eaa5b56d726ec28dea8d9c01667360a09d52eedd73a9666fada5a17
verified: 6/17/2026, 11:25:49 AM
view raw JSON →