Shellquote Mcp
Escape user or dynamic values safely when agents generate bash, cmd.exe, or PowerShell commands.
Overview
Shellquote MCP is a MCP server for the Ship phase that safely escapes arguments for bash, cmd.exe, and PowerShell.
What is this MCP server?
- Shell-specific escaping for bash, cmd.exe, and PowerShell
- Reduces command-injection risk from agent-generated one-liners
- stdio npm @mukundakatta/shellquote-mcp v0.1.0
- Cross-platform quoting without memorizing each shell’s rules
- Small focused MCP from mcp-stack monorepo
- Server version 0.1.0
- Supports bash, cmd.exe, and PowerShell quoting
- stdio npm transport
What problem does it solve?
Agents paste unquoted user input into shell commands and you risk broken scripts or injection.
Who is it for?
Solo builders whose agents construct cross-platform shell commands from variables or user content.
Skip if: Full OS command allowlisting, sandboxed execution, or replacing parameterized APIs instead of shells.
What do I get? / Deliverables
Generated commands use shell-appropriate quoting before you run them in CI or locally.
- Quoted argument strings safe for the target shell
- Clear separation of bash vs cmd vs PowerShell rules
Recommended MCP Servers
Journey fit
How it compares
Shell quoting utility MCP, not a deployment or terminal execution server.
Common Questions / FAQ
Who is shellquote-mcp for?
Developers using MCP agents that emit bash, cmd, or PowerShell and need correct escaping per shell.
When should I use shellquote-mcp?
When building or reviewing agent-generated scripts that include dynamic paths, flags, or user-supplied strings.
How do I add shellquote-mcp to my agent?
Install @mukundakatta/shellquote-mcp via npm, configure stdio MCP in your client, and invoke quoting tools before run instructions.