trigger-happy-mcp
by 0xvm
Overview
Provides a conversational MCP server for host-side job automation and offensive security experimentation, executing shell commands and managing their state.
Installation
python bind/server.pyEnvironment Variables
- MCP_JOB_DIR
Security Notes
CRITICAL RISK: The `start_shell_job` tool, exposed via an unauthenticated API, defaults to `use_shell=True` and directly executes arbitrary commands provided by the client. This allows for trivial remote code execution and shell injection if the server is accessible to untrusted parties. The server is explicitly designed for 'Offensive Security What-Can-Go-Wrong-Experimentation' and described as an 'ignorant, possibly naive, assistant', meaning its inherent danger is a feature, not a bug, for its intended use case. However, from a general security standpoint, it is extremely unsafe for general-purpose deployment or in untrusted environments. No hardcoded secrets were found, and dependencies are standard.
Similar Servers
wcgw
Empowering chat applications to code, build, and run on your local machine by providing tightly integrated shell and code editing tools.
mcp-server-code-execution-mode
This server enables LLM agents to execute Python code in a highly secure, isolated container environment, facilitating complex multi-tool orchestration and data analysis with minimal LLM context token usage.
atomic-red-team-mcp
An MCP server providing tools to search, validate, refresh, and optionally execute Atomic Red Team security tests for threat emulation and security development.
mcp-maintainer-toolkit
This server provides a Model Context Protocol (MCP) interface with various tools and resources designed to assist in maintaining, testing, and developing MCP repositories and clients.