shell-command-runner
Public
Forked from cseliot/shell-command-runner
#v0.1003
An LM Studio plugin that enables AI models to execute shell commands with comprehensive security controls.
rm -rf /, shutdown, sudo, dd if=/dev/zerogit, npm, ls, cat (comma-separated)..)C:\\ or D:/ style paths, not colons in sed patterns or URLscd {sandboxRoot} commands even if cd is blacklistedcd {sandboxRoot} && ... patterns for chaining commandspodman run, docker run) where dangerous commands like rm are needed inside containerspodman run, docker runshutdown, reboot)shutdown, rebootshutdown is in both lists, it will ALWAYS be blockedWhen enabled, the plugin validates commands against all security checks but never executes them. Returns:
"COMMAND ALLOWED: The command '...' passes all security checks." if all checks passTest mode works independently of "Allow Automatic Execution" - it runs AFTER security checks complete.
run_shell_commandExecutes shell commands with full security validation.
Parameters:
command (string): The command to executecwd (optional string): Subdirectory to run in (must be inside sandbox)timeout (optional number): Execution timeout in millisecondsReturns: Command output, errors, or security rejection messages
get_whitelistRetrieves current allowed commands configuration.
Parameters: None
Returns: List of whitelisted commands with count, or status if whitelist not active
get_blacklistRetrieves current forbidden commands configuration.
Parameters: None
Returns: List of blacklisted commands with count
| Setting | Type | Default | Description |
|---|---|---|---|
| Operating System | Select | Windows | Target shell: Windows (CMD) or Linux/macOS (Bash) |
| Sandbox / Project Root | String | Empty | Absolute path for sandbox restriction |
| Execution Policy | Select | Allow All | Filter mode: Allow All or Allow Only |
| Allowed Commands | String | Empty | Comma-separated whitelist (Allow Only mode only) |
| Forbidden Commands | String | Empty | Comma-separated blacklist (applies to both modes) |
| Disable Blacklist Commands | String | Empty | Comma-separated commands that bypass blacklist (e.g., podman run, docker run) |
| Never Allowed Commands | String | Empty | Comma-separated commands ALWAYS blocked (e.g., shutdown, reboot) |
| Environment PATH Extensions | String | Empty | Additional paths to add to system PATH |
| Timeout (ms) | Numeric | 15000 | Maximum command execution time |
| Allow Automatic Execution | Boolean | false | Master switch for command execution |
| Test Mode (Dry Run) | Boolean | false | Validate without executing |
When Test Mode is enabled:
When running containerized workloads that need dangerous commands inside containers:
get_whitelist tool - Retrieves current whitelist configurationC:\ or D:/ style paths, not colons in sed replacement patterns (s/old:new/) or strings like "BUILD: SUCCESS"grep with no matches) no longer show error messages; only actual failures (exit codes ≠1) show errorsWhen using "Allow Only" execution policy, specify which commands can run:
Add dangerous commands that should always be blocked:
Commands that bypass the blacklist (for containerized workloads):
Commands that are ALWAYS blocked, even if in Disable Blacklist list:
v0.1000 - Initial Updates v0.1001 - Added "Special cd Command Exception" v0.1002 - Added "Disable Blacklist Commands" and "Never Allowed Commands" v0.1003 - Added Complete Command List Examples to README
Forked from cseliot/shell-command-runner
get_blacklist tool - Retrieves current blacklist configurationls -la ./project/
# Runs in project/src/ subdirectory
command: "npm run build"
cwd: "project/src"
# Configure: disableBlacklistCommands = "podman run, docker run"
# This allows: podman run --rm -v /tmp/sbox-test:/test alpine rm -f /test/*
# The 'rm' command would normally be blacklisted, but is allowed inside the container
# Configure: neverAllowedCommands = "shutdown, reboot"
# Even if 'shutdown' is in disableBlacklistCommands, it will ALWAYS be blocked
ls, ls -la, ls -R, pwd, cat, head, tail, grep, git status, git diff, npm install, npm run, curl -I, wget --spider
rm, rm -rf, shutdown, reboot, poweroff, dd if=, mkfs, format, sudo, apt-get install, apt-get remove
podman run, docker run, lxc exec, kubectl exec, podman build, docker build, podman start, docker start, podman stop, docker stop, podman rm, docker rm
shutdown, reboot, poweroff, halt, dd if=/dev/zero, mkfs.ext4, fdisk, parted, wipefs, cryptsetup