Sudo

MCP server for running sudo commands with encrypted password storage.

Exposes 4 tools to persist a sudo password (encrypted with a machine-bound key) and invoke privileged commands without re-entering credentials. Designed for single-user Linux workstations.

📖 อ่านภาษาไทย →

---

Tools

Tool	Purpose
store_password	Store sudo password (encrypted, one-time)
sudo_exec	Run shell command with sudo
has_password	Check if password is stored
clear_password	Remove stored password

---

Security model

• Password is encrypted with Fernet (AES-128-CBC + HMAC-SHA256).
• Encryption key is derived from machine-id + USER — never stored on disk.
• Decryption only succeeds on the same machine with the same user.
• Encrypted blob lives at ~/.config/claude-sudo-mcp/credential.enc (chmod 600).

This is not a secrets manager. Treat this as "remember my sudo password for this session on this box." If your machine-id is copied to another box or another user reads the MCP process, the password can be recovered.

---

Install

cd /path/to/mcp-sudo
uv venv --python 3.12 .venv
uv pip install --python .venv/bin/python mcp cryptography

claude mcp add sudo -s user -- \
  /path/to/mcp-sudo/.venv/bin/python /path/to/mcp-sudo/server.py

On first use, call store_password once to cache credentials.

---

Support the project ❤

• Ko-fi: https://ko-fi.com/kamaru

---

Contact

• Portfolio / general: [email protected]
• Commercial / licensing: [email protected]

---

Copyright © 2026 likezara™. All rights reserved. Developed by Kamaru (pen name).