playbooks

home / mcp / shell command mcp server

Shell Command MCP Server

Provides a secure, isolated workspace to execute shell commands inside a Docker container with synchronous and asynchronous modes.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "kaznak-shell-command-mcp": {
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "--mount",
        "type=bind,src=/Users/your-username/MCPHome,dst=/home/mcp",
        "ghcr.io/kaznak/shell-command-mcp:latest"
      ]
    }
  }
}

You can run shell commands inside an isolated Docker workspace using this MCP server. It gives you a secure, non-host access environment to execute scripts and manage outputs, while keeping your host system safe and your files owned by you.

How to use

You interact with the MCP server through an MCP client. Start the server container as shown in the installation steps, then configure your client to connect to the container. Once connected, you can run synchronous commands or asynchronous shell scripts. Choose your preferred output mode to receive updates as the command progresses: complete (notification when finished), line (updates on each output line), chunk (updates on each output chunk), or character (updates on every character). Commands and scripts execute inside the isolated workspace mounted from your host so you retain file ownership and permissions.

How to install

Prerequisites you need before you begin:

Install Docker on your machine. Docker provides the isolated runtime for the MCP server workspace.

{
  "mcpServers": [
    {
      "type": "stdio",
      "name": "shell_command_mcp_mac",
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "--mount",
        "type=bind,src=/Users/user-name/MCPHome,dst=/home/mcp",
        "ghcr.io/kaznak/shell-command-mcp:latest"
      ]
    },
    {
      "type": "stdio",
      "name": "shell_command_mcp_win",
      "command": "docker",
      "args": [
        "run",
        "--rm",
        "-i",
        "--mount",
        "type=bind,src=\\wsl.localhost\\Ubuntu\\home\\user-name\\MCPHome,dst=/home/mcp",
        "ghcr.io/kaznak/shell-command-mcp:latest"
      ]
    }
  ]
}

Additional setup notes

Ensure your host directory used for persistence is accessible and has proper permissions. The container runs with a non-root user, and the host directory is mounted to /home/mcp inside the container to synchronize ownership and permissions with your host files. If the host directory is empty, initial files will be copied from the container backup to bootstrap your workspace.

Security and maintenance

The MCP server operates inside a container with no access to the host Docker daemon, reducing risk exposure. Your workspace is isolated from the host system, and all file operations occur within the mounted /home/mcp directory. Regularly update the container image to benefit from the latest security patches and feature enhancements.

Available tools

execute-bash-script-sync

Run a shell script synchronously inside the container and return the final exit status and output.

execute-bash-script-async

Run a shell script asynchronously inside the container and receive progress updates based on the selected notification mode (complete, line, chunk, character).