shell-command-runner

Public

Forked from lmbimmerboye/shell-command-runner

Plugin
Revisions

CSEliot's fork, see README.md

74 Downloads

1 star

Last updated

Updated 17 days agoby
cseliot
Report

Project Files

README

#v0.1001

LM Studio Shell Command Runner Plugin

An LM Studio plugin that enables AI models to execute shell commands with comprehensive security controls.

Features

Core Functionality

  • Execute shell commands in Linux/macOS (Bash) or Windows (CMD) environments
  • Read command output (stdout/stderr) as string responses
  • Configurable execution timeout and working directory

Security Controls

Execution Policy

  • Allow All (Block Forbidden): Default mode - all commands allowed unless explicitly blacklisted
  • Allow Only (Strict Whitelist): Only whitelisted commands can execute

Blacklist

  • Blocks dangerous commands like rm -rf /, shutdown, sudo, dd if=/dev/zero
  • Applies in BOTH execution policy modes
  • Configurable via plugin settings

Whitelist

  • When "Allow Only" mode is enabled, only explicitly listed commands can run
  • Example: git, npm, ls, cat (comma-separated)
  • Empty whitelist with "Allow Only" mode blocks all commands

Sandbox Mode

  • Restricts command execution to a specified project root directory
  • Prevents access to files outside the sandbox
  • Blocks absolute paths and parent directory traversal (..)
  • Fixed: Windows drive letter detection now only matches C:\\ or D:/ style paths, not colons in sed patterns or URLs

Special cd Command Exception

  • Allows cd {sandboxRoot} commands even if cd is blacklisted
  • Also allows cd {sandboxRoot} && ... patterns for chaining commands
  • Only permits navigation to the exact sandbox root directory
  • Subdirectories and other paths are blocked with a clear error message

Test Mode (Dry Run)

When enabled, the plugin validates commands against all security checks but never executes them. Returns:

  • "COMMAND ALLOWED: The command '...' passes all security checks." if all checks pass
  • Security error messages if any check fails

Test mode works independently of "Allow Automatic Execution" - it runs AFTER security checks complete.

Safety Switches

Allow Automatic Execution (Master Kill Switch)

  • OFF (default): All commands blocked before any security checks
  • ON: Commands proceed through security validation
  • Prevents accidental command execution by default

Tools Provided

1. run_shell_command

Executes shell commands with full security validation.

Parameters:

  • command (string): The command to execute
  • cwd (optional string): Subdirectory to run in (must be inside sandbox)
  • timeout (optional number): Execution timeout in milliseconds

Returns: Command output, errors, or security rejection messages

2. get_whitelist

Retrieves current allowed commands configuration.

Parameters: None

Returns: List of whitelisted commands with count, or status if whitelist not active

3. get_blacklist

Retrieves current forbidden commands configuration.

Parameters: None

Returns: List of blacklisted commands with count

Configuration Options

SettingTypeDefaultDescription
Operating SystemSelectWindowsTarget shell: Windows (CMD) or Linux/macOS (Bash)
Sandbox / Project RootStringEmptyAbsolute path for sandbox restriction
Execution PolicySelectAllow AllFilter mode: Allow All or Allow Only
Allowed CommandsStringEmptyComma-separated whitelist (Allow Only mode only)
Forbidden CommandsStringEmptyComma-separated blacklist (applies to both modes)
Environment PATH ExtensionsStringEmptyAdditional paths to add to system PATH
Timeout (ms)Numeric15000Maximum command execution time
Allow Automatic ExecutionBooleanfalseMaster switch for command execution
Test Mode (Dry Run)BooleanfalseValidate without executing

Usage Examples

Basic Command

ls -la ./project/

With Subdirectory

# Runs in project/src/ subdirectory
command: "npm run build"
cwd: "project/src"

Test Mode Validation

When Test Mode is enabled:

  • Blacklist check runs first
  • Whitelist check runs second (if applicable)
  • Sandbox validation runs third
  • Returns "COMMAND ALLOWED" without executing

Configuration for This Session

Updated Features

  • Added get_whitelist tool - Retrieves current whitelist configuration
  • Added get_blacklist tool - Retrieves current blacklist configuration
  • Added Test Mode (Dry Run) - Validates commands without execution
  • Test Mode works independently - Runs after security checks, regardless of Allow Automatic Execution setting

Security Check Order

  • Allow Automatic Execution check
  • Blacklist check
  • Whitelist check (if "Allow Only" mode)
  • Sandbox validation
  • Test Mode check (returns without executing if enabled)
  • Environment setup
  • Command execution (only if all checks pass AND testMode is OFF)

Bug Fixes

  • Fixed false positive for drive letter detection - Windows path detection now only matches C:\ or D:/ style paths, not colons in sed replacement patterns (s/old:new/) or strings like "BUILD: SUCCESS"
  • Fixed exit code 1 handling - Commands that return exit code 1 (like grep with no matches) no longer show error messages; only actual failures (exit codes ≠ 1) show errors

Author

  • Author: Techstat
  • License: MIT
  • AI: Vibe-Coded additions via Qwen3 Coder Next Bartowski Q4 Quant.

Versions

v0.1000 - Initial Updates v0.1001 - Added "Special cd Command Exception"