Vet LLM-emitted shell commands BEFORE execution. 26 destructive-pattern rules / 8 families.
MCP server that vets LLM-emitted shell commands BEFORE execution — detects nested deep in chains, package-manager glob removal (), // filesystem destruction, / privilege blast, network-exfil via , chained /, and destructive ops. Sub-second, local, free, MCP-native — designed to be called inline by Claude Code / Cursor / Cline / OpenClaw before approving any agent-proposed command. Defensive…
Verification confirms publisher identity (repo ownership), not code safety. The security scan covers known CVEs and suspicious install scripts — it cannot prove the absence of malicious code.
MCP server that vets LLM-emitted shell commands BEFORE execution — detects nested deep in chains, package-manager glob removal (), // filesystem destruction, / privilege blast, network-exfil via , chained /, and destructive ops. Sub-second, local, free, MCP-native — designed to be called inline by Claude Code / Cursor / Cline / OpenClaw before approving any agent-proposed command. Defensive complement to MCP shell-execution servers (MCPShell, mcp-shell, mcp-bash). []( [](./tests) [](./LICENSE)…