command-runner-mcp-server
Verified Safe by kdspaul
Overview
Provides a sandboxed command execution environment for AI coding assistants, enabling controlled directory listing and Git operations with robust output transformations and security features.
Installation
npx @modelcontextprotocol/inspector ./target/debug/command-runner-mcp-server-rust
Environment Variables
- BLOCKED_PATHS
Security Notes
The server implements comprehensive security measures to prevent common command execution vulnerabilities. This includes robust shell injection prevention (blocking a wide range of dangerous characters in arguments and environment variables), path traversal prevention ('..' blocked), configurable path blocking (via BLOCKED_PATHS environment variable with symlink resolution), flag injection prevention, restrictions on dangerous environment variables (e.g., LD_PRELOAD, PATH), and explicit whitelisting of allowed Git subcommands. Output transformations (grep, sort, head, tail, unique) are implemented natively in Rust using the regex crate, eliminating risks associated with piping to external shell utilities. The use of `std::process::Command::new` and its `arg`/`args` methods further ensures commands are not executed via a shell. Extensive unit tests for security components are also present.
Similar Servers
tinystruct-mcp
A modular Java server providing a JSON-RPC interface for file system and Git/GitHub operations, aimed at automation and DevOps workflows.
dev-kit-mcp-server
A Model Context Protocol (MCP) server targeted for agent development tools, providing scoped authorized operations in the root project directory.
mcp-maintainer-toolkit
This server provides a Model Context Protocol (MCP) interface with various tools and resources designed to assist in maintaining, testing, and developing MCP repositories and clients.
docker-mcp-server
A Model Context Protocol (MCP) server for containerized execution and file operations, enabling AI assistants to interact with a Docker environment via HTTP.