wcgw
by rusiaaman
Overview
Empowering chat applications to code, build, and run on your local machine by providing tightly integrated shell and code editing tools.
Installation
uvx wcgw@latestEnvironment Variables
- OPENAI_API_KEY
- OPENAI_ORG_ID
- ANTHROPIC_API_KEY
- WCGW_SERVER_INSTRUCTIONS
- EDITOR
- TMPDIR
- XDG_DATA_HOME
Security Notes
The server's core functionality, the 'BashCommand' tool, executes arbitrary shell commands directly via `pexpect.spawn`. While the project explicitly warns users ('do not allow BashCommand tool without reviewing the command'), implements `assert_single_statement` to prevent simple multi-statement injections, and includes file protection mechanisms (e.g., requiring a read before edit, tracking read ranges and file hashes), it still represents a significant security risk. If an attacker or an uncontrolled LLM gains access, they could execute malicious commands, leading to data loss, unauthorized access, or system compromise. The provided 'modes' (e.g., 'architect' for read-only) offer some mitigation, but the 'wcgw' mode has no restrictions.
Similar Servers
cclsp
Integrate LLM-based coding agents with Language Server Protocol (LSP) servers to enable robust code navigation, symbol resolution, and refactoring across various programming languages.
tenets
Provides intelligent, token-optimized code context and automatically injects guiding principles to AI coding assistants for enhanced understanding and consistent interactions.
athena-protocol
An intelligent MCP server that acts as an AI tech lead for coding agents, providing expert validation, impact analysis, and strategic guidance before code changes are made.
ai-skills-hub
Provides AI assistants with access to a team's coding standards, best practices, and knowledge base by dynamically loading Markdown skill files via an MCP server.