fix(shell_executor.py): update _create_shell_command to preserve wildcards for shell expansion while escaping other arguments to prevent shell injection

Author: tumf

src/mcp_shell_server/shell_executor.py

@@ -44,15 +44,21 @@ def _clean_command(self, command: List[str]) -> List[str]:
     def _create_shell_command(self, command: List[str]) -> str:
         """
         Create a shell command string from a list of arguments.
-        Properly escapes all arguments to prevent shell injection.
+        Wildcards (*?[]) are preserved for shell expansion.
 
         Args:
             command (List[str]): Command and its arguments
 
         Returns:
             str: Shell-safe command string
         """
-        return " ".join(shlex.quote(arg) for arg in command)
+        escaped_args = []
+        for arg in command:
+            if any(char in arg for char in "*?[]"):
+                escaped_args.append(arg)
+            else:
+                escaped_args.append(shlex.quote(arg))
+        return " ".join(escaped_args)
 
     def _validate_command(self, command: List[str]) -> None:
         """