Harden install commands against special characters

[jlowin]

Apply shell escaping to server names in claude-code and gemini-cli install commands to prevent issues with special characters.

[coderabbitai]

Walkthrough

This pull request adds shell injection protection to two CLI installation modules. The shlex module is imported in both claude_code.py and gemini_cli.py. In each file, the server name parameter is now escaped using shlex.quote() when constructing the respective add commands for Claude and Gemini CLI tools. This ensures that special characters in the server name are properly handled, preventing potential shell injection vulnerabilities during command execution.

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The description explains what was changed but does not follow the required template structure, missing the Contributors and Review checklists entirely.	Add the Contributors Checklist and Review Checklist sections from the template, including all required checkboxes and confirmations.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and concisely summarizes the main change: hardening install commands against special characters through shell escaping.

✨ Finishing touches

• 📝 Generate docstrings

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch harden-install-commands

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a7563a3 and fc75df8.

⛔ Files ignored due to path filters (1)

• tests/cli/test_install.py is excluded by none and included by none

📒 Files selected for processing (2)

• src/fastmcp/cli/install/claude_code.py (2 hunks)
• src/fastmcp/cli/install/gemini_cli.py (2 hunks)

🧰 Additional context used

🧬 Code graph analysis (2)

src/fastmcp/cli/install/gemini_cli.py (1)

src/fastmcp/server/server.py (1)

• name (360-361)

src/fastmcp/cli/install/claude_code.py (1)

src/fastmcp/server/server.py (1)

• name (360-361)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: label-issue-or-pr
• GitHub Check: Run tests: Python 3.10 on windows-latest

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Remove unnecessary and incorrect shlex.quote() usage.

The use of shlex.quote() is incorrect here. Since subprocess.run() is called with a list argument (line 142) and shell=True is not set, Python passes each list element directly to the executable without shell interpretation. In this context:

• Special characters in the name are already safe—no shell parsing occurs
• shlex.quote() adds literal quote characters that become part of the argument value
• The Claude CLI would receive a name like 'my-server' (with quotes) instead of my-server

The shlex.quote() function is only needed when constructing command strings that will be interpreted by a shell.

Apply this diff to remove the incorrect escaping:

-import shlex
 import shutil

-    # Build claude mcp add command (escape name to prevent shell injection)
-    cmd_parts = [claude_cmd, "mcp", "add", shlex.quote(name)]
+    # Build claude mcp add command
+    cmd_parts = [claude_cmd, "mcp", "add", name]

Also applies to: 128-129

🤖 Prompt for AI Agents

In src/fastmcp/cli/install/claude_code.py around lines 3, 128-129 (and the
invocation at ~142), remove the unnecessary use of shlex.quote(): delete the
import "import shlex" at line 3 and replace any shlex.quote(name) (and similar
calls) with the raw variable (e.g., name) so the argument list passed to
subprocess.run remains unmodified; ensure no shell=True usage relies on quoting
and run subprocess with the list of plain arguments.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

Remove unnecessary and incorrect shlex.quote() usage.

The use of shlex.quote() is incorrect here for the same reason as in claude_code.py. Since subprocess.run() is called with a list argument (line 139) without shell=True, no shell interpretation occurs. The shlex.quote() will add literal quote characters that become part of the server name, potentially breaking the Gemini CLI command.

Apply this diff to remove the incorrect escaping:

-import shlex
 import shutil

-    # Add server name and command (escape name to prevent shell injection)
-    cmd_parts.extend([shlex.quote(name), full_command[0], "--"])
+    # Add server name and command
+    cmd_parts.extend([name, full_command[0], "--"])

Also applies to: 133-134

🤖 Prompt for AI Agents

In src/fastmcp/cli/install/gemini_cli.py around lines 3 and 133-134, remove the
incorrect use of shlex.quote() that is wrapping server/name arguments (and
remove the now-unused import at line 3); because subprocess.run(...) is invoked
with a list (no shell=True), the server name should be passed as the raw string
elements in the argument list rather than quoted, so replace calls like
shlex.quote(server) with server (or the original unescaped variable) and delete
the shlex import.