tmux-mcp
by nickgnd
Overview
Enables AI assistants to interact with, control, and observe tmux terminal sessions.
Installation
npx -y tmux-mcpSecurity Notes
The `executeCommand` tool, and consequently the underlying `tmux.executeCommand` function, is highly vulnerable to command injection. User-provided commands are directly interpolated into shell commands (e.g., `echo "START"; ${command}; echo "END"`) before being sent via `tmux send-keys`. This allows an attacker (or a misbehaving AI) to inject arbitrary shell commands (e.g., by using `;`, `&`, `|`, `$(...)`, or backticks) which will be executed by the target shell within the tmux pane. While the code attempts to escape single quotes, this is insufficient to prevent shell metacharacter injection. The `rawMode` and `noEnter` options explicitly bypass command wrapping, sending raw, unsanitized input directly, further increasing the risk. The README includes a warning, but the fundamental execution mechanism remains a critical security risk.
Similar Servers
DesktopCommanderMCP
Enables an AI agent to interact with the local filesystem and terminal, execute commands, analyze data, and perform code editing.
claude-code-mcp
Provides an MCP server to allow LLMs to directly invoke Claude Code CLI for complex coding, file system, and Git operations, bypassing interactive permission prompts.
consult-llm-mcp
Facilitates Claude Code to consult powerful external AI models for complex code analysis, debugging, and review tasks.
stt-mcp-server-linux
Provides a local speech-to-text server for Linux, integrating with the Claude Code editor via push-to-talk functionality and Tmux for text injection.