This server gives agents direct access to the host operating system:

- `execute_command` -- runs arbitrary terminal commands
- `write_file` -- writes to any path on the filesystem
- `kill_process` -- terminates running processes

`execute_command` with arbitrary input is effectively root access. An agent can run `rm -rf`, install packages, modify system files, or exfiltrate data via network commands.
Suggestion: Consider documenting support for PolicyLayer/Intercept, an open-source MCP proxy that enforces policies on tool calls before execution.
Example policy:

```yaml
version: "1"
default: deny
tools:
  execute_command:
    rules:
      - action: require_approval
  write_file:
    rules:
      - rate_limit: 10/minute
  kill_process:
    rules:
      - action: require_approval
hide:
  - execute_command
```

One line to set up: `npx -y @policylayer/intercept init`
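To make the semantics of such a policy concrete, here is a small illustrative tool-call gate written for this issue. It is not PolicyLayer/Intercept's code and does not use its API; it is a stand-alone, hypothetical evaluator whose `POLICY` dict is a constructed equivalent of the YAML above, and whose interpretation of `default: deny`, `require_approval`, `rate_limit` and `hide` is an assumption about what a proxy in front of this server would enforce.

```python
"""Illustrative MCP tool-call policy gate (hypothetical, not PolicyLayer/Intercept).

Assumed semantics, modelled on the example policy in this issue:
  default: deny            -> tools with no policy entry are refused
  action: require_approval -> the call is held for a human decision
  rate_limit: N/<unit>     -> at most N calls per sliding window
  hide: [...]              -> the tool is removed from the list shown to the agent
"""
from collections import deque
from dataclasses import dataclass, field
import time

# Constructed policy, equivalent to the YAML example (assumed structure).
POLICY = {
    "version": "1",
    "default": "deny",
    "tools": {
        "execute_command": {"rules": [{"action": "require_approval"}]},
        "write_file": {"rules": [{"rate_limit": "10/minute"}]},
        "kill_process": {"rules": [{"action": "require_approval"}]},
    },
    "hide": ["execute_command"],
}


@dataclass
class Decision:
    verdict: str  # "allow", "deny" or "require_approval"
    reason: str


@dataclass
class PolicyGate:
    policy: dict
    clock: callable = time.monotonic          # injectable for deterministic tests
    _windows: dict = field(default_factory=dict)  # tool -> deque of call timestamps

    def visible_tools(self, advertised):
        """Filter the server's advertised tool list before the agent sees it."""
        hidden = set(self.policy.get("hide", []))
        return [t for t in advertised if t not in hidden]

    @staticmethod
    def _parse_rate(spec):
        """'10/minute' -> (10, 60). Unknown units raise KeyError deliberately."""
        count, _, unit = spec.partition("/")
        seconds = {"second": 1, "minute": 60, "hour": 3600}[unit]
        return int(count), seconds

    def check(self, tool, args):
        """Decide a single tool call. Hidden tools that are called anyway are
        still evaluated against their rules (assumption), so hiding alone is
        not treated as enforcement."""
        tool_policy = self.policy.get("tools", {}).get(tool)
        if tool_policy is None:
            # No entry: fall back to the policy default (deny here).
            return Decision(self.policy.get("default", "deny"),
                            f"no policy entry for {tool}")
        for rule in tool_policy.get("rules", []):
            if "rate_limit" in rule:
                limit, window = self._parse_rate(rule["rate_limit"])
                now = self.clock()
                calls = self._windows.setdefault(tool, deque())
                # Drop timestamps that have left the sliding window.
                while calls and now - calls[0] >= window:
                    calls.popleft()
                if len(calls) >= limit:
                    return Decision("deny",
                                    f"rate limit {rule['rate_limit']} exceeded for {tool}")
                calls.append(now)
            if rule.get("action") == "require_approval":
                return Decision("require_approval",
                                f"{tool} held for human approval: {args!r}")
        return Decision("allow", f"{tool} permitted by policy")


if __name__ == "__main__":
    gate = PolicyGate(POLICY)
    print(gate.visible_tools(["execute_command", "write_file", "kill_process"]))
    print(gate.check("execute_command", {"cmd": "uname -a"}))
    print(gate.check("read_file", {"path": "/etc/hostname"}))
```

The point the example makes is that the deny-by-default entry and the approval hold live outside the server process, so a compromised or over-eager agent cannot talk itself past them; the rate limit on `write_file` is a sliding window keyed per tool, which is why the clock is injectable rather than read directly.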