dynamic-shell-server
by b48f8f5xg2-blip
Overview
This server provides a secure Model Context Protocol (MCP) interface for executing shell commands with an external approval system and process management.
Installation
python dynamic_shell_server.py
Security Notes
The server's `execute_command` tool defaults to `shell=True` for `asyncio.create_subprocess_shell`, and `run_in_venv` explicitly uses `/bin/bash -c`. This directly contradicts the README's claim of 'No shell execution (prevents injection attacks)'. Furthermore, the advertised '5-minute command timeout' is not implemented in `run_process_in_background`, which uses `process.communicate()` without a timeout, allowing commands to run indefinitely. While an external approval system is described, the server code itself enables highly privileged shell execution without internal safeguards against common vulnerabilities like command injection or hanging processes. The reliance on an external, unspecified approval system for security is a significant concern given the server's direct capabilities.
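The two gaps described above (shell interpretation and the missing timeout), closed in one helper. This is an added example, not the server's own code: the names `run_command_no_shell` and `CommandResult` and the sample command are assumptions, and the 300-second limit is the value the README advertises.

```python
import asyncio
import shlex
from dataclasses import dataclass
from typing import Optional

COMMAND_TIMEOUT_SECONDS = 300  # the 5-minute limit the README advertises


@dataclass
class CommandResult:
    returncode: Optional[int]  # None when the process was killed on timeout
    stdout: str
    stderr: str
    timed_out: bool


async def run_command_no_shell(command: str,
                               timeout: float = COMMAND_TIMEOUT_SECONDS) -> CommandResult:
    """Hypothetical replacement for a shell=True code path."""
    # Split into an argv list ourselves; no shell ever parses the string,
    # so ';', '|', '$()' and backticks reach the program as literal text.
    argv = shlex.split(command)
    if not argv:
        raise ValueError("empty command")
    process = await asyncio.create_subprocess_exec(
        *argv,
        stdin=asyncio.subprocess.DEVNULL,
        stdout=asyncio.subprocess.PIPE,
        stderr=asyncio.subprocess.PIPE,
    )
    try:
        # communicate() alone waits forever; wait_for() enforces the limit.
        out, err = await asyncio.wait_for(process.communicate(), timeout=timeout)
    except asyncio.TimeoutError:
        process.kill()        # stop the hung command
        await process.wait()  # reap it so no zombie is left behind
        return CommandResult(None, "", "", True)
    return CommandResult(process.returncode,
                         out.decode(errors="replace"),
                         err.decode(errors="replace"),
                         False)


if __name__ == "__main__":
    # Constructed input: under a shell this would run two commands.
    print(asyncio.run(run_command_no_shell("echo hello; echo INJECTED")))
```

Passing an argv list removes shell metacharacter interpretation only; it does not restrict which program is run, so the approval step or an allowlist still has to decide that.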
Similar Servers
ssh-mcp-server
Bridging AI assistants to remote SSH server operations for command execution, file transfer, and server status retrieval via the Model Context Protocol (MCP).
toolhive-studio
ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.
mcp-compose
This server provides a robust example of OAuth2 authentication for MCP (Model Context Protocol) servers, using GitHub as the identity provider. It demonstrates secure multi-server management, protocol translation, and integration with AI agents for tool invocation.
dev-kit-mcp-server
A Model Context Protocol (MCP) server targeted for agent development tools, providing scoped authorized operations in the root project directory.