File size: 6,639 Bytes

---
license: mit
tags:
  - mcp
  - claude
  - shell
  - ssh
  - windows
  - dotnet
language:
  - en
---

# Shell MCP Server

Terminal access for Claude with two security modes, plus SSH bridge for remote servers.

## Features

- **Local shell** with safe/dangerous command separation
- **SSH Bridge** - GUI app for secure remote server access
- **Lift Pen** - Pause Claude's command execution instantly
- **Sudo support** - Auto-send password for sudo commands (opt-in)
- **Full visibility** - See every command Claude runs in real-time
- **Background processes** - Spawn and manage long-running tasks
- **File operations** - Write files without shell escaping issues

## Quick Start (Pre-built Binaries)

Download from the `release/` folder:
- `shell-mcp.dll` - MCP server for Claude Desktop
- `ssh-bridge.exe` - GUI for SSH connections

No build required - just configure Claude Desktop (see below).

## Components

### 1. Shell MCP (`shell-mcp.dll`)
Local Windows terminal access with configurable command allowlists.

### 2. SSH Bridge (`ssh-bridge.exe`)
WinForms GUI that:
- You authenticate with password (held in memory only)
- Claude sends commands through it
- Real-time output display with syntax highlighting
- **Lift Pen** button to pause Claude instantly
- **Sudo** button to enable auto-password for sudo commands
- **Pin** button to keep window on top
- Right-click context menu: Copy, Copy All, Clear

## Installation

### Option 1: Use Pre-built Binaries
1. Download files from `release/` folder
2. Configure Claude Desktop (see below)

### Option 2: Build from Source

**Prerequisites:**
- .NET 8.0 SDK
- Windows 10/11

```bash
git clone https://github.com/FreeOnlineUser/shell-mcp.git
cd shell-mcp
dotnet restore
dotnet build ShellMcp.csproj -c Release
dotnet build SshBridge.csproj -c Release
```

### Configure Claude Desktop

Edit `%APPDATA%\Claude\claude_desktop_config.json`:

```json
{
  "mcpServers": {
    "shell_safe": {
      "command": "dotnet",
      "args": ["C:\\path\\to\\release\\shell-mcp.dll"],
      "env": {
        "SHELL_MCP_MODE": "safe",
        "SHELL_MCP_START_DIR": "C:\\your\\workspace",
        "SSH_BRIDGE_PATH": "C:\\path\\to\\release\\ssh-bridge.exe"
      }
    },
    "shell_dangerous": {
      "command": "dotnet",
      "args": ["C:\\path\\to\\release\\shell-mcp.dll"],
      "env": {
        "SHELL_MCP_MODE": "dangerous",
        "SHELL_MCP_START_DIR": "C:\\your\\workspace",
        "SSH_BRIDGE_PATH": "C:\\path\\to\\release\\ssh-bridge.exe"
      }
    }
  }
}
```

**Approval settings:**
- `shell_safe` → "Allow always"
- `shell_dangerous` → "Allow once" (asks every time)

## Tools

### Local Shell
| Tool | Description |
|------|-------------|
| `Shell` | Execute a local command with optional timeout |
| `Pwd` | Get current working directory |
| `ShellInfo` | Show mode and list of allowed commands |
| `ShellBatch` | Run multiple commands in sequence |

### SSH Tools
| Tool | Description |
|------|-------------|
| `SshCommand` | Execute command on remote server |
| `SshStatus` | Check if SSH Bridge is connected |
| `SshPrefill` | Pre-fill connection details and optionally auto-connect |
| `SshPenStatus` | Check if user has paused execution (pen lifted) |
| `SshPenDown` | Request to resume execution |
| `SshAbort` | Send Ctrl+C to abort running command |
| `SshIsRunning` | Check if a command is currently executing |
| `SshSetTimeout` | Set timeout for next command (1-3600 seconds) |
| `SshTail` | Get last 50 lines of terminal output |
| `SshKillPort` | Kill process listening on a specific port |
| `SshSpawn` | Start a background process with a trackable name |
| `SshListSpawned` | List all tracked background processes |
| `SshKillSpawned` | Kill a background process by name |
| `SshWriteFile` | Write content to file without shell escaping |
| `SshAppendFile` | Append content to file without shell escaping |

## SSH Bridge Features

### Lift Pen (Pause Claude)
Click **Lift Pen** to immediately pause Claude's command execution. Any running command is aborted, and new commands are blocked until you click again to resume. Perfect for:
- Reviewing what Claude is doing
- Taking manual control temporarily
- Emergency stop

### Sudo Support
Click **Sudo** to enable auto-password entry for sudo commands. When enabled:
- Claude can run `sudo` commands without prompting
- Your password is sent automatically when sudo asks
- Password is only held in memory while connected

### Pin Window
Click **Pin** to keep the SSH Bridge window always on top.

### Interactive Command Blocking
The bridge automatically blocks interactive commands that would break the shell:
- **Editors:** vim, nano, emacs (use `echo` or `SshWriteFile` instead)
- **Pagers:** less, more (use `cat`, `head`, `tail` instead)
- **TUI apps:** htop, top (use `top -b -n 1` or `ps aux`)
- **Databases:** mysql, psql (use `-e` or `-c` flags for queries)
- **Multiplexers:** tmux, screen (not supported)

Each blocked command shows helpful alternatives.

## Security Model

### shell_safe (approve once)
Read-only and build commands:
- `dir`, `ls`, `type`, `cat`, `head`, `tail`, `find`, `grep`, `pwd`, `cd`, `tree`
- `echo`, `date`, `time`, `whoami`, `hostname`
- `git status`, `git log`, `git diff`, `git branch`, `git remote`, `git fetch`, `git show`
- `dotnet build`, `dotnet run`, `dotnet test`, `dotnet restore`
- `npm install`, `npm run`, `npm test`, `npm list`, `npm ci`
- `node --version`, `yarn install`, `yarn build`, `yarn test`

### shell_dangerous (approve each time)
Modifying commands:
- `del`, `rm`, `rmdir`, `move`, `copy`, `mkdir`
- `git push`, `git pull`, `git merge`, `git rebase`, `git reset`, `git commit`, `git add`
- `taskkill`, `shutdown`
- `npm install -g`, `npm uninstall`

### Always blocked
- `format`, `diskpart`, `reg`, `regedit`
- `net user`, `net localgroup`
- `powershell -enc`, `rm -rf /`, `del /s /q c:\`

### SSH Bridge Security
- Password held in memory only - never written to disk
- Lift Pen for instant pause
- Disconnect for instant revoke
- All commands visible in real-time
- Sudo disabled by default

## Output Handling

- Large outputs are automatically truncated (last 150 lines returned to Claude)
- Maximum 500KB per response
- Real-time streaming display in SSH Bridge window
- ANSI escape codes stripped for clean output

## Dependencies

- [ModelContextProtocol](https://www.nuget.org/packages/ModelContextProtocol) - MCP SDK for .NET
- [SSH.NET](https://www.nuget.org/packages/SSH.NET) - SSH client library
- [BouncyCastle](https://www.nuget.org/packages/BouncyCastle.Cryptography) - Cryptography (SSH.NET dependency)

## License

MIT