cli
Command line interface for MCP clients with secure execution and customizable security policies
claude mcp add --transport stdio mladensu-cli-mcp-server uvx cli-mcp-server \ --env ALLOWED_DIR="<path/to/allowed/working/directory>" \ --env ALLOWED_FLAGS="-l,-a,--help,--version" \ --env COMMAND_TIMEOUT="30" \ --env ALLOWED_COMMANDS="ls,cat,pwd,echo" \ --env MAX_COMMAND_LENGTH="1024" \ --env ALLOW_SHELL_OPERATORS="false"
How to use
The CLI MCP Server provides a secure interface to execute controlled command-line operations. It enforces a strict command and flag whitelist, validates working directories, and supports optional execution timeouts to prevent long-running tasks. Two tools are exposed: run_command, which executes whitelisted CLI commands within a permitted directory, and show_security_rules, which returns the current security configuration. To integrate with Claude Desktop, you configure the MCP server in Claude's client config, pointing to the uvx-based server invocation for publishing or development workflows. The server is designed to be used by LLM-driven workflows that require safe, auditable CLI access rather than open shell access.
How to install
Prerequisites:
- Python 3.10+
- MCP protocol tooling (uv/uvx) installed and available in PATH
Installation steps:
-
Obtain the CLI MCP Server source (e.g., clone the repository): git clone https://github.com/MladenSU/cli-mcp-server.git cd cli-mcp-server
-
Set up a Python virtual environment (recommended): python -m venv venv source venv/bin/activate # on macOS/Linux venv\Scripts\activate # on Windows
-
Install dependencies (if a requirements.txt exists): pip install -r requirements.txt
-
Run the server for development/publishing via MCP tooling:
Development (using uv CLI tool)
uv run cli-mcp-server
Published/production (using uvx CLI tool)
uvx cli-mcp-server
-
Verify the server starts and is reachable through your MCP client (e.g., Claude Desktop) with the appropriate environment variables (ALLOWED_DIR, ALLOWED_COMMANDS, ALLOWED_FLAGS, MAX_COMMAND_LENGTH, COMMAND_TIMEOUT, ALLOW_SHELL_OPERATORS).
Note: If you are upgrading or publishing to PyPI, follow your usual packaging workflow (uv sync, uv build, uv publish) as described in the project's Development section.
Additional notes
Tips and common issues:
- Ensure ALLOWED_DIR is an absolute path and accessible by the running process; misconfigurations will block command execution.
- When ALLOWED_COMMANDS or ALLOWED_FLAGS is set to 'all', be aware of increased risk; only enable this in trusted environments.
- If commands involve long-running processes, adjust COMMAND_TIMEOUT accordingly and consider increasing MAX_COMMAND_LENGTH if needed.
- For development debugging, enable ALLOW_SHELL_OPERATORS only if you explicitly need to support operators like && or |, and confirm your environment is secure.
- When integrating with Claude Desktop, use the provided examples in the README to configure either development (uv) or published (uvx) workflows.
- If you encounter UI issues in Claude, clear the cache as suggested in the README: uv clean.
Related MCP Servers
mcp-vegalite
MCP server from isaacwasserman/mcp-vegalite-server
github-chat
A Model Context Protocol (MCP) for analyzing and querying GitHub repositories using the GitHub Chat API.
nautex
MCP server for guiding Coding Agents via end-to-end requirements to implementation plan pipeline
pagerduty
PagerDuty's official local MCP (Model Context Protocol) server which provides tools to interact with your PagerDuty account directly from your MCP-enabled client.
futu-stock
mcp server for futuniuniu stock
mcp -boilerplate
Boilerplate using one of the 'better' ways to build MCP Servers. Written using FastMCP
