Title: Critical Security Issue: Unrestricted Command Execution in mcp-cli-exec
Describe the vulnerability
The cli-exec-raw and cli-exec tools in jakenuts/mcp-cli-exec currently execute commands without any form of validation, filtering, or security checks, presenting a severe security risk. This fundamental flaw allows the execution of any arbitrary system command without restriction, including highly destructive operations that could result in catastrophic system damage.
For example, the tool would readily execute dangerous commands like rm -rf / (which recursively deletes system files) or mkfs (which formats storage devices) with no safeguards. This complete lack of command validation is the primary security concern, as it leaves systems vulnerable to malicious actors or accidental misuse that could lead to data loss or system compromise.
The relevant code in src/executor.ts (lines 13-19) demonstrates this unfiltered execution flow:
```typescript
// `command` is the caller-supplied string, passed through verbatim
const result = await execa(command, [], {
  cwd: cwd,
  shell: true,                        // the whole string is handed to a shell: chaining, redirection and expansion all apply
  timeout: timeout || DEFAULT_TIMEOUT,
  reject: false,                      // a non-zero exit status does not throw
  all: true,                          // stdout and stderr are captured interleaved
});
```
Expected behavior
The tool must implement robust security measures to prevent execution of dangerous commands, including:
- Command validation system: Implement a filtering mechanism to block known destructive commands (e.g., rm -rf, mkfs, dd, shutdown, rmdir with critical paths) by default.
- Whitelisting approach: Restrict execution to a predefined set of allowed commands and operations, with explicit approval required for any additional commands.
- Input sanitization: Validate and sanitize all command inputs to remove or neutralize potentially harmful components before execution.
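As an added example (not code from mcp-cli-exec), one way to implement the allowlist and validation points above in TypeScript: every name here (ALLOWED, validateCommand, the sample allowlist) is a constructed assumption, and the verdict it returns is meant to be handed to execa or execFile as an executable plus argv array with the shell disabled, rather than as a raw string with shell: true.

```typescript
import * as path from 'node:path';

// Added example, not mcp-cli-exec code. ALLOWED, validateCommand and the
// sample allowlist are constructed assumptions for illustration.

// Executables the tool may launch, each with the exact options it may receive.
// Anything else on the line must be a relative path inside the working root.
const ALLOWED: Record<string, Set<string>> = {
  ls: new Set<string>(['-l', '-a', '-la', '-h']),
  cat: new Set<string>([]),
  git: new Set<string>(['status', 'log', 'diff', '--oneline', '--stat']),
};

// With shell: true, any of these characters turns one command into several,
// redirects I/O or expands variables, so they are refused outright.
const SHELL_META = /[;&|<>`$(){}\n\r\\*?~'"]/;

interface Verdict {
  ok: boolean;
  file?: string;    // executable to hand to execa/execFile (no shell)
  args?: string[];  // argv array for it
  reason?: string;  // why the command was refused
}

// Resolves candidate against rootDir and confirms it does not escape it.
function insideRoot(candidate: string, rootDir: string): boolean {
  const root = path.posix.resolve(rootDir);
  const target = path.posix.resolve(root, candidate);
  return target === root || target.startsWith(root + '/');
}

function validateCommand(command: string, rootDir: string): Verdict {
  if (SHELL_META.test(command)) {
    return { ok: false, reason: 'shell metacharacters are not allowed' };
  }
  const tokens = command.trim().split(/\s+/).filter(Boolean);
  if (tokens.length === 0) return { ok: false, reason: 'empty command' };
  const [file, ...args] = tokens;
  const options = ALLOWED[file];
  if (!options) return { ok: false, reason: `'${file}' is not on the allowlist` };
  for (const arg of args) {
    if (options.has(arg)) continue;
    if (arg.startsWith('-')) {
      return { ok: false, reason: `option '${arg}' is not allowed for ${file}` };
    }
    if (!insideRoot(arg, rootDir)) {
      return { ok: false, reason: `path '${arg}' resolves outside ${rootDir}` };
    }
  }
  // Safe to run as execa(file, args, { cwd: rootDir, shell: false }).
  return { ok: true, file, args };
}
```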