Show HN: Shell-MCP, per-directory shell allowlisting for Claude Desktop (github.com)

🤖 AI Summary
shell-mcp is a Rust tool that gives Claude Desktop and other Model Context Protocol (MCP) clients scoped, allowlisted shell access. It exposes two MCP tools, shell_exec and shell_describe, behind a layered safety model: read-only commands are permitted by default, and write access is opted into per directory.

The design sits between the two usual extremes, unrestricted shell access on one side and having to enumerate every permitted command up front on the other. A curated, platform-aware read-only allowlist covers everyday commands such as `ls` and `git status`. On top of that, shell metacharacters are rejected outright and a denylist blocks known-risky commands. Rejecting metacharacters is only meaningful if the command is spawned directly as an argv vector rather than handed to `sh -c`; the point of the check is that there is no shell to interpret `;`, `|`, `$(...)` or redirections, so the model cannot chain or expand its way past the allowlist.

Policy is configured through `.shell-mcp.toml` files that can be set per project, so a repository can opt into write access for its own tree while everything else stays read-only. The initial release ships with a stable schema for both the MCP wire shape and the TOML; pipeline support and finer-grained environment controls are listed as future work.
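The following is an added illustration of the policy layers the summary describes, written here for this page; it is not shell-mcp's code and does not use its TOML schema, which is not shown on the page. The policy is expressed as Rust struct literals with assumed field names (`read_only`, `write_capable`, `denylist`, `write_dirs`), and the directory paths are constructed sample input. The check runs in the order a practitioner would want: refuse metacharacters first, then the denylist, then the read-only allowlist, and only then consult the per-directory write opt-in. Allowlist entries are matched as leading argv tokens, so `git status` is permitted while `git push` is not.

```rust
use std::path::Path;

/// Characters that would only have meaning to a shell. Because the command is
/// never handed to `sh -c`, seeing any of them is a sign of an injection
/// attempt, not a legitimate argument. Quotes are included on purpose: with no
/// shell there is no quoting, arguments are whitespace-split into argv.
const SHELL_METACHARS: &[char] = &[
    '|', '&', ';', '<', '>', '`', '$', '(', ')', '{', '}', '*', '?', '[', ']',
    '~', '!', '#', '\\', '\'', '"', '\n', '\r',
];

/// Hypothetical policy shape (field names are this example's own assumption).
pub struct Policy {
    /// Permitted from any directory. Multi-word entries match leading argv tokens.
    pub read_only: Vec<&'static str>,
    /// Permitted only when the working directory is inside an opted-in tree.
    pub write_capable: Vec<&'static str>,
    /// Always refused, checked before any allowlist.
    pub denylist: Vec<&'static str>,
    /// Directories (constructed sample paths) that have opted into write access.
    pub write_dirs: Vec<&'static str>,
}

/// Does some entry's token sequence form a prefix of argv? Returns that entry.
fn matches_prefix<'a>(entries: &'a [&'a str], argv: &[String]) -> Option<&'a str> {
    entries.iter().copied().find(|entry| {
        let want: Vec<&str> = entry.split_whitespace().collect();
        !want.is_empty()
            && want.len() <= argv.len()
            && want.iter().zip(argv).all(|(w, a)| *w == a.as_str())
    })
}

/// Component-wise containment, so "/home/dev/proj2" is NOT under "/home/dev/proj".
/// A real implementation should canonicalize `cwd` first to defeat symlink tricks.
fn under_write_dir(policy: &Policy, cwd: &str) -> bool {
    policy.write_dirs.iter().any(|d| Path::new(cwd).starts_with(d))
}

/// Evaluate a command line against the policy. Ok carries the argv vector that
/// would be passed straight to an exec call; Err explains the refusal.
pub fn check(policy: &Policy, cwd: &str, cmd: &str) -> Result<Vec<String>, String> {
    if let Some(c) = cmd.chars().find(|c| SHELL_METACHARS.contains(c)) {
        return Err(format!("rejected: shell metacharacter {:?}", c));
    }
    let argv: Vec<String> = cmd.split_whitespace().map(String::from).collect();
    if argv.is_empty() {
        return Err("rejected: empty command".to_string());
    }
    if let Some(d) = matches_prefix(&policy.denylist, &argv) {
        return Err(format!("denied: '{}' is on the denylist", d));
    }
    if matches_prefix(&policy.read_only, &argv).is_some() {
        return Ok(argv);
    }
    if matches_prefix(&policy.write_capable, &argv).is_some() {
        if under_write_dir(policy, cwd) {
            return Ok(argv);
        }
        return Err(format!("write access not enabled for {}", cwd));
    }
    Err(format!("'{}' is not on any allowlist", argv[0]))
}

/// A sample policy: read-only by default, writes opted in for one project tree.
pub fn example_policy() -> Policy {
    Policy {
        read_only: vec!["ls", "pwd", "cat", "git status", "git log", "git diff"],
        write_capable: vec!["git add", "git commit", "touch", "mkdir"],
        denylist: vec!["rm -rf", "git push --force", "sudo"],
        write_dirs: vec!["/home/dev/proj"],
    }
}

fn main() {
    let p = example_policy();
    for (cwd, cmd) in [
        ("/home/dev/proj", "git status"),
        ("/home/dev/proj", "ls; rm -rf /"),
        ("/home/dev/other", "git commit -m fix"),
        ("/home/dev/proj", "git commit -m fix"),
        ("/home/dev/proj2", "git commit -m fix"),
        ("/home/dev/proj", "rm -rf ."),
    ] {
        println!("{:<16} {:<22} -> {:?}", cwd, cmd, check(&p, cwd, cmd));
    }
}
```

Note the ordering: the denylist is consulted before any allowlist so that a permissive allowlist entry can never shadow a deny rule, and the directory opt-in is only reached for commands that are already recognised as write-capable, so an unknown command is refused everywhere regardless of directory.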