README.md: 3 additions & 3 deletions
@@ -58,15 +58,15 @@ thv run ghcr.io/stackloklabs/model-context-shell:latest --network host --foregro
58
58
thv run ghcr.io/stackloklabs/model-context-shell:latest --foreground --transport streamable-http
59
59
```
60
60
61
-
Use a specific version tag (e.g., `:v0.0.3`) instead of `:latest` for reproducible deployments.
61
+
Once running, MCP Shell is available to any AI agent that ToolHive supports — no additional integration required.
62
62
63
63
## Security
64
64
65
-
MCP Shell is designed with security in mind:
65
+
MCP Shell runs in a containerized environment through ToolHive, so commands have no direct access to the user's filesystem — only through explicitly configured MCP servers.
66
66
67
+
-**Containerized**: Runs isolated from the host system
67
68
-**Command Whitelisting**: Only safe, read-only data transformation commands are allowed
68
69
-**No Shell Injection**: Commands are executed with `shell=False`, args passed separately
69
-
-**Sandboxed Execution**: No access to arbitrary file system or network operations
70
70
-**MCP Tools Only**: All external operations go through approved MCP servers
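Review bot: the new Security paragraph drops the concrete mitigations the removed bullets documented (command whitelisting of read-only transformation commands, execution with `shell=False` and args passed separately, no arbitrary file system or network operations, and external operations only through approved MCP servers) and replaces them with a single statement about container isolation via ToolHive. If those controls are still implemented, keep them in the README, since a reader evaluating the server relies on exactly that list; if any of them were removed, that is a security-relevant regression that should be stated in the commit rather than silently dropped from the docs. The deleted recommendation to use a specific version tag (e.g., `:v0.0.3`) instead of `:latest` for reproducible deployments should also stay: the `thv run ghcr.io/stackloklabs/model-context-shell:latest` example just above still uses `:latest`, and the added sentence about availability to any ToolHive-supported agent can be inserted alongside the tag advice instead of replacing it.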