secure-cluster-mcp
Verified Safe
by FlorianSp2000
Overview
Manage SLURM cluster jobs for ML experiments using AI assistants, enabling seamless experiment management, code transfer, job submission, and monitoring with safety guardrails.
Installation
secure-cluster-mcp
Environment Variables
- CLUSTER_HOST
- CLUSTER_USER
- REMOTE_BASE_PATH
- SSH_KEY_PATH
- DRY_RUN
- LOG_DIR
- RATE_LIMIT_COMMANDS
- RATE_LIMIT_WINDOW_SECONDS
- LOG_TAIL_LINES
- STATE_DIR
Security Notes
The server implements several guardrails: strict path validation (`validate_remote_path`) that confines file operations to `REMOTE_BASE_PATH`, a blocklist (`DANGEROUS_PATTERNS`) for destructive commands such as `rm -rf`, and rate limiting so an agent cannot flood the scheduler with submissions. Two defaults deserve attention before deploying it.

`DRY_RUN` defaults to `False` in `src/secure_cluster_mcp/config.py`, so the server performs real cluster operations as soon as it starts unless `DRY_RUN=true` is set explicitly in `.env`. `CLAUDE.md` instructs AI agents to prefer `DRY_RUN=true`, but that is guidance to the model, not an enforced control: a first-time user or an accidental deployment gets live execution by default. Set `DRY_RUN=true` in `.env` until the path and command guardrails have been exercised against your own cluster.

The SSH client uses `paramiko.AutoAddPolicy()`, which accepts and stores any host key it has not seen before. This is more than a small convenience trade-off: on the first connection to a host (and on every connection, if the server never loads a known_hosts file) the cluster is not authenticated at all, so anyone who can redirect that connection can impersonate the login node and receive the commands and code the agent sends. The stronger configuration is to pin the cluster's host key in a known_hosts file loaded with `load_host_keys()` or `load_system_host_keys()` and use `paramiko.RejectPolicy()` so unknown or changed keys abort the connection. Note also that a command blocklist is a weak control on its own, since it only catches the spellings it lists; path confinement and `DRY_RUN` remain the primary safeguards.
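To make the guardrails above concrete, the following is an added example written for this page; it is not the secure-cluster-mcp implementation and the function and class names (`env_flag`, `validate_remote_path`, `is_dangerous_command`, `RateLimiter`, `StrictHostKeys`) are assumptions. It shows a `DRY_RUN` parser whose unset value is the safe one, path confinement under a base directory, a blocklist that tokenises the command line instead of regex-matching it (so `\rm` and `/bin/rm` in a chained command are still caught, and an unparsable line fails closed), a sliding-window rate limiter, and a host-key check that behaves like `RejectPolicy` by default and like `AutoAddPolicy` when `auto_add=True`, so the difference is visible in code. The known_hosts entry is constructed for the example and is not a real key.

```python
"""Hypothetical guardrail helpers for an SSH/SLURM MCP server.
Example code written for this page; NOT the secure-cluster-mcp code.
All names here are assumptions, not the project's API."""
import base64
import os
import posixpath
import shlex
import time
from collections import deque


def env_flag(name, default, environ=os.environ):
    """Parse a boolean env var. env_flag("DRY_RUN", True) makes an
    unset variable mean dry run, the opposite of a False default."""
    raw = environ.get(name)
    if raw is None:
        return default
    return raw.strip().lower() in {"1", "true", "yes", "on"}


def validate_remote_path(path, base):
    """Confine a remote path to `base`; return it normalised or raise."""
    base_n = posixpath.normpath(base)
    cand = path if posixpath.isabs(path) else posixpath.join(base_n, path)
    cand = posixpath.normpath(cand)  # collapses ../ before the prefix test
    if cand != base_n and not cand.startswith(base_n.rstrip("/") + "/"):
        raise ValueError(f"{path!r} escapes {base_n}")
    return cand


_PUNCT = set("();<>|&")  # shell operators that separate commands


def _segments(command):
    """Split a shell line into per-command token lists. shlex in posix mode
    resolves '\\rm' to 'rm' and strips quotes before the blocklist looks."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    segs, cur = [], []
    for tok in lexer:
        if set(tok) <= _PUNCT:  # ; && || | & > ( ) end the current command
            segs.append(cur)
            cur = []
        else:
            cur.append(tok)
    segs.append(cur)
    return [s for s in segs if s]


def is_dangerous_command(command):
    """Blocklist: recursive rm, mkfs*, raw writes to block devices and host
    power commands are refused in any segment; unparsable input is refused."""
    try:
        segs = _segments(command)
    except ValueError:  # e.g. unterminated quote: fail closed
        return True
    for seg in segs:
        prog, args = posixpath.basename(seg[0]), seg[1:]
        if prog == "rm":
            short = "".join(a[1:] for a in args
                            if a.startswith("-") and not a.startswith("--"))
            if "r" in short or "R" in short or "--recursive" in args:
                return True
        elif prog in {"shutdown", "reboot", "halt"} or prog.startswith("mkfs"):
            return True
        elif prog == "dd" and any(a.startswith("of=/dev/") for a in args):
            return True
    return False


class RateLimiter:
    """Sliding window: at most `limit` calls per `window` seconds.
    The clock is injectable so the limiter can be exercised offline."""
    def __init__(self, limit, window, clock=time.monotonic):
        self.limit, self.window, self.clock = limit, window, clock
        self._hits = deque()

    def allow(self):
        now = self.clock()
        while self._hits and now - self._hits[0] >= self.window:
            self._hits.popleft()
        if len(self._hits) >= self.limit:
            return False
        self._hits.append(now)
        return True


class StrictHostKeys:
    """Pinning check. Default behaviour matches RejectPolicy: a host must be
    in known_hosts with the same key blob. auto_add=True mimics AutoAddPolicy."""
    def __init__(self, known_hosts_text):
        self._keys = {}
        for line in known_hosts_text.splitlines():
            parts = line.split()
            if len(parts) < 3 or line.startswith("#"):
                continue
            for host in parts[0].split(","):
                self._keys[(host, parts[1])] = base64.b64decode(parts[2])

    def check(self, host, keytype, blob, auto_add=False):
        known = self._keys.get((host, keytype))
        if known is None:
            if auto_add:  # trust whatever the peer presents, forever after
                self._keys[(host, keytype)] = blob
                return "added"
            raise ConnectionRefusedError(f"unknown host key for {host}")
        if known != blob:
            raise ConnectionRefusedError(f"host key mismatch for {host}")
        return "ok"


# Constructed sample known_hosts line (not a real key), for demonstration.
SAMPLE_BLOB = b"constructed-ed25519-blob-for-this-example"
SAMPLE_KNOWN_HOSTS = ("login.cluster.example ssh-ed25519 "
                      + base64.b64encode(SAMPLE_BLOB).decode())
```

The `StrictHostKeys.check` call with `auto_add=True` is the instructive part: once a rogue host has been "added", the same class reports `"ok"` for it on every later connection, which is exactly why the policy choice matters more than the word "convenience" suggests.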
Similar Servers
ssh-mcp-server
Bridging AI assistants to remote SSH server operations for command execution, file transfer, and server status retrieval via the Model Context Protocol (MCP).
mcp-kubernetes
Enables AI assistants to interact with and debug Kubernetes clusters by translating natural language requests into Kubernetes operations.
gitlab-mr-mcp
Connects an AI assistant to GitLab to manage merge requests, CI/CD pipelines, and code reviews, enabling natural language interaction.
mcp-ssh-orchestrator
Provides secure, policy-driven SSH orchestration for AI agents to manage server infrastructure with audit logging, enforcing zero-trust principles.