Show HN: Shell-MCP, per-directory shell allowlisting for Claude Desktop

Category: security

Tags: ai, mcp, shell-security, claude, rust

Score: 7.0/10 (Innovation: 6, Technical: 8, Documentation: 8, Utility: 6)

Shell-MCP provides a per-directory allowlisted shell execution tool for Claude Desktop and MCP clients, balancing safety and usability by enforcing a layered security model with a read-only default allowlist and opt-in write permissions. It uses a git-like TOML configuration discovery, rejects shell metacharacters, and runs commands directly without invoking a shell, making it a practical solution for granting controlled shell access to LLMs.

Target audience: backend devs, devops, ai engineers

Repository: https://github.com/devrelopers/shell-mcp · Rust · MIT · 1 stars

View on Hacker News