shellguard
ShellGuard is an MCP (Model Context Protocol) server that lets LLM agents connect to remote hosts over SSH and run a restricted, validated set of observation/diagnostic shell commands (optionally provisioning common diagnostic tools and downloading files via SFTP). It is designed to block destructive operations via syntax-level parsing and an allow/deny command model.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
Security posture is driven by SSH key authentication (no OAuth) and strong command restrictions: bash parsing into an AST, syntax rejection for tricks (semicolons/redirections/command substitution), default-deny allowlist/denylist validation, argument re-quoting, timeouts and output truncation, plus explicit blocking of destructive behaviors with suggested safer alternatives. Host key verification defaults to trust-on-first-use (accept-new) with options for strict/off. Rate limiting is not documented in the provided content. Dependency/CVE hygiene is not assessable from the supplied material.
⚡ Reliability
Best When
You want an LLM to perform controlled, read-only style investigations on known hosts with strict command restrictions and clear observability into what is executed.
Avoid When
You cannot guarantee that SSH credentials, host verification, and command allowlists are properly configured; or you require fully arbitrary command execution.
Use Cases
- Letting an LLM perform safe remote diagnostics on staging/dev/prod servers over SSH
- Inspecting logs and running read-only investigations without copy-pasting terminal output
- Querying/searching files using provisioned tools (e.g., rg/jq/yq)
- Downloading specific remote artifacts for analysis (SFTP with size limits)
Not For
- Executing arbitrary shell commands chosen freely by the LLM
- Automating high-risk or destructive administrative operations
- Unauthenticated use of SSH credentials
- Production environments where any remote shell access is prohibited by policy
Interface
Authentication
Authentication is SSH-key based. The server attempts methods in a defined priority order. There is no mention of OAuth or fine-grained scopes; authorization is effectively governed by the allowed command set plus the SSH account/keys used.
Pricing
No pricing details were provided in the supplied content; installation is via local binaries or Go tooling.
Agent Metadata
Known Gotchas
- ⚠ Follow-mode commands like `tail -f` may hang; prefer bounded reads (e.g., `tail -n 100`).
- ⚠ Recursive downloads like `wget -r` are blocked; use allowed alternatives.
- ⚠ Stream editing via `sed` may be blocked or restricted to read-only; prefer grep/search for analysis.
- ⚠ Variable expansion behavior is restricted (e.g., `$HOME/file` does not expand).
- ⚠ Provisioning and download tools can be disabled via config/env; agent may need to handle missing tool availability.
Alternatives
Scores are editorial opinions as of 2026-03-30.