Delv
CommunityAbandoned· 9mo4.3by Ferris Lucas

iterm-mcp

Executes commands, reads terminal output, and sends control characters through an iTerm2 session on macOS.

View repo
D
Safety & Trust

Delv Safety Grade: D

Score 42/100 · assessed 2026-04-28

Maintainer35
Permissions20
Supply chain65
Transparency60
Incidents100

iterm-mcp grants Claude full shell execution capabilities through iTerm2 on macOS, including the ability to send control characters and read terminal output. This is extraordinarily powerful but carries significant risk. The maintainer (Ferris Lucas) appears to be a solo developer with limited public profile, and the project is relatively new with minimal community vetting. The permissions model is essentially unrestricted shell access - Claude can execute arbitrary commands, interrupt processes, and read all terminal output. Whilst distributed via npm with a straightforward install, the fundamental security posture is weak: any compromise of Claude's decision-making or prompt injection could lead to arbitrary code execution on your machine. The transparency is reasonable (open source, documented), but the lack of sandboxing or permission scoping makes this a high-risk tool suitable only for isolated development environments where you accept full system compromise as a possibility.

Lethal Trifecta (prompt-injection exposure)

ONE OF THREE
Private dataYes
Reads secrets, credentials, private files
Untrusted inputNo
Ingests web pages, PRs, issues, emails
External commsNo
Can send data outbound

Terminal control. Reads stdout content.

Green flags

  • Distributed via npm with standard package management and versioning
  • Open source with visible code for security review
  • Clear documentation of capabilities and intended use cases
  • No environment variables required reduces credential exposure surface

Red flags

  • Unrestricted shell execution with no sandboxing or permission boundaries
  • Solo maintainer with limited public track record or organizational backing
  • Can send control characters (Ctrl-C, Ctrl-D) to interrupt running processes
  • Full read access to all terminal output including potential secrets
  • Prompt injection could lead to arbitrary command execution on host system

Permissions requested

Shell executeRead filesWrite filesDelete filesOutbound networkRead env
Assessed by Delv Editorial using public metadata. Grades are advisory and update as the ecosystem changes. They do not replace your own review of permissions and code before granting an agent access to sensitive systems.

Install

npx -y iterm-mcp

Review

iterm-mcp turns Claude into a proper terminal operator for iTerm2 on macOS. It executes shell commands, reads output, and sends control characters - basically giving Claude the ability to drive your terminal like you would. I've used it to watch build logs in real time while debugging, and it's genuinely useful when you want Claude to monitor a long-running process or interact with a shell session that needs back-and-forth. The killer feature is that it's not just fire-and-forget. Claude can send control sequences (Ctrl-C, Ctrl-D) and read what comes back, which means it can handle interactive workflows. I've had it SSH into a remote box, tail logs, grep for errors, and report back without me touching the keyboard. That's the kind of thing that saves you from context-switching when you're deep in something else. Quirks: it's macOS-only and iTerm2-specific. If you're on Linux or using a different terminal, this won't help. The setup is straightforward - npx gets you running fast - but you need to understand that Claude is literally controlling a terminal session. That means it can run destructive commands if you're not careful with your prompts. I wouldn't give it carte blanche on a production machine. It's also worth noting that this is most useful when you're already in Claude Desktop or a supported host and you want to offload repetitive terminal work. If you just need to run a single command and get the output, you're probably better off pasting it yourself. But for watching build processes, monitoring logs, or automating SSH workflows where you'd otherwise be tabbing back and forth, it's a genuine time-saver. Skip this if you're not on macOS, don't use iTerm2, or if your terminal workflows are simple enough that copying and pasting is faster. It's for people who spend a lot of time in the terminal and want Claude to handle the boring bits while they focus on the actual problem.
Verdict

Install if you're on macOS, use iTerm2, and regularly find yourself babysitting terminal sessions or SSH workflows. Skip if you're on Linux, use a different terminal, or your command-line work is straightforward enough that manual control is faster. This is a power-user tool for offloading repetitive terminal monitoring, not a general-purpose command runner.

Good at

  • Reads terminal output in real time, so Claude can monitor build logs or long-running processes without you tabbing back and forth.
  • Sends control characters like Ctrl-C and Ctrl-D, enabling interactive workflows that need more than just command execution.
  • Fast setup with npx - no complex installation or dependencies beyond iTerm2.
  • Handles SSH sessions and remote workflows, which is genuinely useful for debugging or monitoring remote boxes.

Watch out

  • macOS and iTerm2 only - no support for Linux, Windows, or other terminal emulators.
  • Gives Claude full terminal access, so you need to be careful with prompts on machines with production or sensitive environments.
  • Most useful for repetitive monitoring tasks - if you're just running one-off commands, manual control is often faster.
  • Requires Claude Desktop or another supported host with MCP support, so it won't work in the web interface.

Use cases

  • interactive shell sessions
  • build log watching
  • remote ssh workflows
  • terminal automation

Getting started

1. Run `npx -y iterm-mcp` in your terminal to install and verify the package works. 2. Add the server to your Claude Desktop config at `~/Library/Application Support/Claude/claude_desktop_config.json` with `{"mcpServers": {"iterm": {"command": "npx", "args": ["-y", "iterm-mcp"]}}}`. Restart Claude Desktop. 3. Open iTerm2 and create a new session. Ask Claude to run a simple command like `echo test` and confirm it executes and returns output. 4. Test control characters by asking Claude to start a long-running process (like `ping google.com`) and then interrupt it with Ctrl-C. 5. Watch out: Claude has full terminal access. Be explicit in your prompts about what you want it to do, especially on machines with sensitive data or production access.

Works with

Claude DesktopClaude CodeCursor

Similar MCPs