Shellfirm
Safety guardrails for ai coding agents and human terminal commands
What is Shellfirm?
Shellfirm is a Model Context Protocol (MCP) server that provides safety guardrails for AI coding agents and human terminal commands, and can be used from AI assistants such as Claude, Cursor, and VS Code.
This server falls under the Security category on MCPgee, the world's largest MCP server directory with 33,000+ servers.
Features
- Safety guardrails for AI coding agents and human terminal commands
How to Set Up and Use Shellfirm
Shellfirm is a safety layer for terminal commands that intercepts potentially destructive shell operations before they execute, presenting a severity rating, blast-radius explanation, and a math challenge that must be solved to confirm execution. It covers 100+ risk patterns across 9 ecosystems including filesystem destructive commands, git force operations, Kubernetes deletions, Docker volume removal, and AWS resource destruction. As an MCP server it gives AI coding agents like Claude the ability to programmatically check whether a command is risky before running it, suggest safer alternatives, and retrieve team-level policies — preventing accidental data loss in automated workflows.
Prerequisites
- Rust toolchain (for cargo install) or Homebrew (macOS) or Node.js for npm install
- Bash, Zsh, Fish, or another supported shell for the interactive hook
- A Kubernetes cluster configured in kubectl if you want K8s risk patterns active
- An MCP-compatible client such as Claude Code or Claude Desktop
Install shellfirm
Choose the installation method that suits your environment. npm is the quickest option; Homebrew and Cargo are also fully supported.
# npm (global):
npm install -g @shellfirm/cli
# Homebrew (macOS):
brew tap kaplanelad/tap && brew install shellfirm
# Cargo:
cargo install shellfirm
Initialize shell integration
Run the init command to auto-detect your shell and install the interception hook. Then restart your shell or source the updated config file.
shellfirm init
# Then restart your shell or run:
source ~/.zshrc # or ~/.bashrc
Connect to Claude Code as an MCP server
The 'connect' subcommand both installs the shell hooks and registers shellfirm as an MCP server for Claude Code in a single step.
shellfirm connect claude-code
Configure team policies (optional)
Create a .shellfirm.yaml file in your project root to define team-level risk policies, customize which patterns are active, and set challenge difficulty based on environment context (e.g., production Kubernetes, SSH sessions).
# .shellfirm.yaml example:
policies:
  - pattern: "rm -rf"
    severity: critical
    require_challenge: true
  - pattern: "kubectl delete"
    severity: high
    suggest_alternative: "kubectl scale --replicas=0"
Test the integration
Ask Claude Code to check a risky command using the MCP tools, or try running a dangerous command in your shell to see the challenge prompt appear.
# In your shell (triggers the safety challenge):
rm -rf ./test-folder
# Via MCP client prompt:
# "Check whether 'git push --force origin main' is safe to run"
Shellfirm Examples
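To show what a policy-driven check like the one configured in .shellfirm.yaml above actually decides, here is an added, self-contained Python model of the check_command / suggest_alternative / challenge flow. It is illustrative code written for this page, not shellfirm's own implementation: it assumes patterns are plain substrings matched against a normalised command, carries the page's two policies plus a constructed entry for 'git push --force', and uses a simple addition challenge as the confirmation gate.

```python
import random
import shlex

SEVERITY_RANK = {"none": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}
# Constructed policy set mirroring the .shellfirm.yaml example above, plus one
# entry for the 'git push --force' prompt; keys are the ones the page shows.
POLICIES = [
    {"pattern": "rm -rf", "severity": "critical", "require_challenge": True},
    {"pattern": "kubectl delete", "severity": "high",
     "suggest_alternative": "kubectl scale --replicas=0"},
    {"pattern": "git push --force", "severity": "high",
     "suggest_alternative": "git push --force-with-lease"},
]

def normalise(command: str) -> str:
    """Strip sudo/env/nohup wrappers and collapse whitespace so 'sudo   rm -rf x'
    is judged like 'rm -rf x'. Reordered flags (rm -fr) are not caught: that is
    the known weakness of substring patterns."""
    try:
        argv = shlex.split(command)
    except ValueError:  # unbalanced quotes: fall back to a plain split
        argv = command.split()
    while argv and argv[0] in ("sudo", "env", "nohup"):
        argv = argv[1:]
    return " ".join(argv)

def check_command(command: str, policies=POLICIES) -> dict:
    """Highest matching severity, suggested alternatives, challenge required?"""
    verdict = {"command": command, "severity": "none", "matched": [],
               "alternatives": [], "require_challenge": False}
    norm = normalise(command)
    for policy in policies:
        if policy["pattern"] not in norm:
            continue
        verdict["matched"].append(policy["pattern"])
        if SEVERITY_RANK[policy["severity"]] > SEVERITY_RANK[verdict["severity"]]:
            verdict["severity"] = policy["severity"]
        if policy.get("suggest_alternative"):
            verdict["alternatives"].append(policy["suggest_alternative"])
        verdict["require_challenge"] |= bool(policy.get("require_challenge"))
    return verdict

def make_challenge(rng=random):
    """Arithmetic gate of the kind shown before a destructive command runs."""
    a, b = rng.randint(10, 99), rng.randint(10, 99)
    return f"{a} + {b} = ?", a + b

def may_execute(verdict: dict, answer: int, expected: int) -> bool:
    return not verdict["require_challenge"] or answer == expected
```

An agent-side guard would call check_command before every shell invocation and refuse, or fall back to the suggested alternative, whenever a challenge is required and no human has answered it.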
Client configuration
After running 'shellfirm connect claude-code', shellfirm registers itself automatically. For manual configuration, add it to your Claude Desktop config.
{
  "mcpServers": {
    "shellfirm": {
      "command": "shellfirm",
      "args": ["mcp"]
    }
  }
}
Prompts to try
Use these prompts with Claude Code to leverage shellfirm's four MCP tools: check_command, suggest_alternative, explain_risk, and get_policy.
- "Check whether 'kubectl delete namespace production' is safe to run"
- "Suggest a safer alternative to 'git push --force origin main'"
- "Explain the risk of running 'DROP TABLE users' in my database"
- "What is the current shellfirm policy for AWS destructive commands?"
Troubleshooting Shellfirm
Shell hook is not triggering — risky commands execute without a challenge
Run 'shellfirm init' again to verify the hook was written to your shell config, then source the file or restart your terminal. Check that the hook line appears at the end of ~/.zshrc or ~/.bashrc.
Claude Code cannot find the shellfirm MCP server after running connect
Verify that shellfirm is on your PATH by running 'which shellfirm'. If it was installed via npm with -g, ensure your npm global bin directory is in PATH. Then run 'shellfirm connect claude-code' again and restart Claude Code.
MCP tool 'check_command' returns an error about unknown patterns
Update shellfirm to the latest version ('npm install -g @shellfirm/cli@latest' or 'cargo install shellfirm') as new risk patterns are added in releases. The pattern database is bundled with the binary.
Frequently Asked Questions about Shellfirm
What is Shellfirm?
Shellfirm is a Model Context Protocol (MCP) server that provides safety guardrails for AI coding agents and human terminal commands. It connects AI assistants to external tools and data sources through a standardized interface.
How do I install Shellfirm?
Follow the installation instructions on the Shellfirm GitHub repository. Clone the repo, install dependencies, and add the server config to your AI client.
Which AI clients work with Shellfirm?
Shellfirm works with all major MCP-compatible AI clients including Claude Desktop, Claude Code, Cursor, VS Code (GitHub Copilot), Windsurf, and Cline.
Is Shellfirm free to use?
Yes, Shellfirm is open source and available under the Apache-2.0 license. You can use it freely in both personal and commercial projects.