mcp-bash-framework
Verified Safe by yaniv-golan
Overview
A Bash-based framework for building and running Model Context Protocol (MCP) servers, enabling the creation of custom AI-integrable tools, resources, prompts, and completions.
Installation
mcp-bash
Environment Variables
- MCPBASH_PROJECT_ROOT
- MCPBASH_REMOTE_TOKEN
- MCPBASH_TOOL_ALLOWLIST
- MCPBASH_TOOL_ENV_MODE
- MCP_REGISTRY_TOKEN
Security Notes
The framework demonstrates a high commitment to security, especially for a Bash environment. It features robust environment isolation for subprocesses (tools, providers) to prevent information leakage and privilege escalation. Extensive path validation and root containment checks guard against path traversal. Project-level shell scripts (hooks) are subject to strict ownership and permission checks, mitigating local privilege escalation risks. Input is sanitized, relying heavily on 'jq'/'gojq' for JSON processing to reduce shell injection risks. Remote authentication with constant-time token comparison helps secure proxied deployments. Network policy functions help prevent Server-Side Request Forgery (SSRF). 'eval' is explicitly avoided in critical path operations.
Similar Servers
tmcp
A server implementation for the Model Context Protocol (MCP) to enable LLMs to access external context and tools.
Polymcp
A comprehensive TypeScript framework for building and orchestrating Model Context Protocol (MCP) servers and AI agents, enabling LLMs to intelligently discover, select, and execute external tools.
mcp-use-cli
An interactive command-line interface (CLI) tool for connecting to and interacting with Model Context Protocol (MCP) servers using natural language, acting as an AI client that orchestrates LLM responses with external tools.
MCP-Agent
An autonomous AI agent designed to discover, connect to, and utilize tools and resources from various Model Context Protocol (MCP) servers to accomplish tasks.