Back to Home
nikhildx icon

umcp

Verified Safe

by nikhildx

View Source

Overview

Securely enables AI assistants and automation tools to administer Ubuntu Linux systems through authenticated and whitelisted operations.

Installation

Run Command
umcp --transport http --port 8000

Environment Variables

  • UMCP_NAME
  • UMCP_VERSION
  • UMCP_ENVIRONMENT
  • UMCP_TRANSPORT__STDIO_ENABLED
  • UMCP_TRANSPORT__HTTP_ENABLED
  • UMCP_TRANSPORT__HTTP_HOST
  • UMCP_TRANSPORT__HTTP_PORT
  • UMCP_TRANSPORT__SSE_ENABLED
  • UMCP_TRANSPORT__SSE_PATH
  • UMCP_TRANSPORT__OPENAPI_PATH
  • UMCP_TRANSPORT__DOCS_PATH
  • UMCP_SECURITY__AUTH_TYPE
  • UMCP_SECURITY__JWT_SECRET
  • UMCP_SECURITY__JWT_ALGORITHM
  • UMCP_SECURITY__JWT_EXPIRATION
  • UMCP_SECURITY__API_KEYS_FILE
  • UMCP_SECURITY__RATE_LIMITING_ENABLED
  • UMCP_SECURITY__RATE_LIMIT_PER_MINUTE
  • UMCP_SECURITY__TLS_ENABLED
  • UMCP_SECURITY__TLS_CERT_FILE
  • UMCP_SECURITY__TLS_KEY_FILE
  • UMCP_WHITELIST__CONFIG_FILE
  • UMCP_WHITELIST__RELOAD_INTERVAL
  • UMCP_LOGGING__LEVEL
  • UMCP_LOGGING__FORMAT
  • UMCP_LOGGING__OUTPUT
  • UMCP_LOGGING__FILE_PATH
  • UMCP_LOGGING__AUDIT_FILE
  • UMCP_LOGGING__MAX_SIZE_MB
  • UMCP_LOGGING__BACKUP_COUNT
  • UMCP_PERFORMANCE__MAX_CONCURRENT_REQUESTS
  • UMCP_PERFORMANCE__COMMAND_TIMEOUT
  • UMCP_PERFORMANCE__MAX_OUTPUT_SIZE
  • UMCP_FEATURES__HOT_RELOAD
  • UMCP_FEATURES__METRICS
  • UMCP_FEATURES__HEALTH_CHECK

Security Notes

The project demonstrates a strong "security first" approach. It employs multi-layered security including API key/JWT authentication, Role-Based Access Control (RBAC), extensive command, path, user, git repository, APT package, and systemd service whitelisting, and comprehensive audit logging. Command execution primarily uses `asyncio.create_subprocess_exec` with list arguments, which is safer than shell execution. A `execute_shell` method exists but is explicitly warned against for untrusted input. There are no apparent hardcoded critical secrets in the provided truncated code (example API keys are in a `.example` file, and JWT secret is expected from environment variables). Rate limiting and TLS are configurable features. Robust input validation and sanitization are implemented to prevent command injection and path traversal.

Similar Servers

toolhive-studio

80

ToolHive is a desktop application (Electron UI) for discovering, deploying, and managing Model Context Protocol (MCP) servers in isolated containers, and connecting them to AI agents and clients.

Other
5
$High

mcp-server-aws-sso

10

Connects AI assistants to AWS accounts via IAM Identity Center (AWS SSO) enabling natural language interaction, secure AWS CLI command execution, and EC2 instance management.

Other
4
$Medium

mcp-ssh-manager

10

Manages remote SSH servers via the Model Context Protocol (MCP), enabling AI assistants like Claude Code and OpenAI Codex to execute commands, transfer files, monitor health, and automate DevOps tasks.

8
$High

mcp

4

The MCP Server provides an AI-powered framework for command execution, plugin-based tools, secure Python evaluation, and knowledge management, designed for standalone or embedded use.

4
$Medium

Stats

Interest Score0
Security Score9
Cost ClassLow
Stars0
Forks0
Last Update2025-12-06

Tags

mcpubuntusystem-administrationai-automationdevopssecurity