Server data from the Official MCP Registry
Read-only SSH server diagnostics via a fixed 38-command whitelist; secrets redacted, no write path.
Read-only SSH server diagnostics via a fixed 38-command whitelist; secrets redacted, no write path.
Well-designed SSH diagnostic server with strong security foundations. The whitelist-based command execution prevents arbitrary code execution, container name validation blocks injection attacks, and credential redaction protects sensitive data. Minor code quality observations around error handling and logging do not materially impact security. Permissions (SSH, file I/O, env vars) align appropriately with the server's stated purpose of collecting read-only diagnostics. Supply chain analysis found 2 known vulnerabilities in dependencies (0 critical, 2 high severity). Package verification found 1 issue.
7 files analyzed · 7 issues found
Security scores are indicators to help you make informed decisions, not guarantees. Always review permissions before connecting any MCP server.
This plugin requests these system permissions. Most are normal for its category.
Set these up before or after installing:
Environment variable: RP_HOSTS
Environment variable: RP_PROBE_URL
Add this to your MCP configuration file:
{
"mcpServers": {
"io-github-easton-ou-rootpilot-ssh-diagnose": {
"env": {
"RP_HOSTS": "your-rp-hosts-here",
"RP_PROBE_URL": "your-rp-probe-url-here"
},
"args": [
"-y",
"@rootpilot/mcp-ssh-diagnose"
],
"command": "npx"
}
}
}From the project's GitHub README.
This is the open-source, bring-your-own-LLM taste of RootPilot. The full product adds calibrated diagnosis (89.7% across 29 standard failure scenarios, zero false alarms on healthy hosts), alert-triggered auto-diagnosis, history, and multi-host management → rootpilotx.com · deployment repo: rootpilot-release
An MCP server that lets any MCP client — Claude Desktop, Claude Code, or your own — safely collect read-only diagnostics from your servers over SSH. It gathers evidence from a fixed whitelist of read-only commands; your model does the reasoning. The server never runs anything outside the whitelist, and never makes a change to your hosts.
When a server misbehaves, you end up SSH-ing in and running the same twenty commands — df -h, docker ps, dmesg | grep -i oom, free -m — then eyeballing the output. This server turns that into a conversation: your LLM asks for exactly the evidence it needs, gets structured, secret-redacted output back, and reasons about the root cause. You stay in control; nothing leaves your machine except SSH to your own hosts.
get_whitelist lists them all). There is no tool that runs an arbitrary command — not even with a confirmation prompt. Every command only inspects state.^[a-zA-Z0-9_.-]+$ before it is ever placed in a command. web; rm -rf / is rejected, not escaped.KEY=value secrets, Bearer/Basic tokens, sk-/ghp_/AKIA… key shapes, PEM private-key blocks, and credentials embedded in URLs. docker inspect env values are scrubbed.Add the server to your MCP client. For Claude Desktop (claude_desktop_config.json):
{
"mcpServers": {
"rootpilot-ssh-diagnose": {
"command": "npx",
"args": ["-y", "@rootpilot/mcp-ssh-diagnose"],
"env": {
"RP_HOSTS": "/Users/me/.rootpilot-mcp/hosts.json"
}
}
}
}
Then create hosts.json (see hosts.example.json):
[
{ "name": "prod-1", "host": "1.2.3.4", "port": 22, "user": "rootpilot",
"auth": { "type": "key", "keyPath": "~/.ssh/rootpilot_key" } },
{ "name": "prod-2", "host": "10.0.0.5", "user": "ops",
"auth": { "type": "password", "password": "..." } }
]
Restart your client. Ask it: "Diagnose prod-1" (or run the diagnose-host prompt).
Use a least-privilege account. Create a dedicated read-only SSH user for diagnostics rather than reusing root. The commands only read state, but the account should reflect that.
| tool | arguments | what it does |
|---|---|---|
list_hosts | probe? | List configured hosts; with probe, also test SSH reachability |
get_whitelist | — | Return all 38 commands (key, purpose, template) so you and the model can audit exactly what can run |
collect | host, keys[] (≤8), container? | Run specific whitelisted commands and return redacted, truncated output |
collect_base | host | Shortcut: the base overview (docker_ps, df, df_inode, free, uptime, dmesg_oom, docker_daemon) |
container_deep_dive | host, container | Shortcut: docker_logs, docker_inspect (redacted), container_state, docker_stats for one container |
Two prompts ship built-in: diagnose-host (evidence-first root-cause walkthrough) and health-check (a light sweep).
| env var | default | purpose |
|---|---|---|
RP_HOSTS | — | Path to your hosts.json (required) |
RP_PROBE_URL | https://cloudflare.com | Target for the outbound-connectivity / DNS probes |
RP_NO_PROMO | — | Set to 1 to silence the one-line pointer to the full product |
your MCP client (the LLM)
│ "collect df, docker_ps, dmesg_oom from prod-1"
▼
rootpilot-ssh-diagnose ──ssh──▶ your server
│ renders a whitelisted template, runs it read-only,
│ redacts secrets, truncates, returns structured output
▼
the LLM reasons about root cause from the evidence
The server deliberately does no analysis of its own — no built-in LLM call, no multi-round orchestration. That boundary is the point: it's a clean, auditable evidence collector. Calibrated diagnosis (deciding which evidence to pull for which symptom, across follow-up rounds, scored against a failure-scenario library) is what the full RootPilot product does.
Does it ever change my server? No. Every command is read-only, and there is no arbitrary-command tool. The full whitelist is visible via get_whitelist.
Where does my data go? Nowhere except SSH between this server (running on your machine) and your hosts. Command output goes to your MCP client's model. No telemetry.
Which LLM does it use? None of its own — it's bring-your-own. Whatever model your MCP client runs does the reasoning.
Can it manage Windows servers or jump hosts? Not in v1. It targets Linux hosts over direct SSH.
How is this different from RootPilot? This collects evidence; you (or your model) interpret it ad hoc. RootPilot adds calibrated diagnosis, alert-triggered auto-diagnosis, a per-host history ("medical record"), and multi-host management. See rootpilotx.com.
npm install
npm run build # compile to dist/
npm test # whitelist / injection / redaction / timeout tests
npm run typecheck
MIT — see LICENSE.
Be the first to review this server!
by Modelcontextprotocol · Developer Tools
Web content fetching and conversion for efficient LLM usage
by Toleno · Developer Tools
Toleno Network MCP Server — Manage your Toleno mining account with Claude AI using natural language.
by mcp-marketplace · Developer Tools
Create, build, and publish Python MCP servers to PyPI — conversationally.