Summary
Lets Claude run privileged Linux commands without prompting for your sudo password every time. You call store_password once to encrypt and cache your credentials using Fernet with a key derived from your machine ID and username, then use sudo_exec to run any shell command as root. The encrypted blob lives in your config directory with restrictive permissions. The security model assumes you trust the machine and user account. It's designed for single-user workstations where you want Claude to install packages, modify system files, or restart services without breaking flow. Also includes has_password and clear_password for credential lifecycle management.
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →
Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →
Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →
On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →
mcp-sudo
MCP server for running sudo commands with encrypted password storage.
Exposes 4 tools to persist a sudo password (encrypted with a machine-bound key) and invoke privileged commands without re-entering credentials. Designed for single-user Linux workstations.
Tools
| Tool | Purpose |
|---|---|
store_password | Store sudo password (encrypted, one-time) |
sudo_exec | Run shell command with sudo |
has_password | Check if password is stored |
clear_password | Remove stored password |
Security model
- Password is encrypted with Fernet (AES-128-CBC + HMAC-SHA256).
- Encryption key is derived from
machine-id+USER— never stored on disk. - Decryption only succeeds on the same machine with the same user.
- Encrypted blob lives at
~/.config/claude-sudo-mcp/credential.enc(chmod 600).
This is not a secrets manager. Treat this as "remember my sudo password for this session on this box." If your machine-id is copied to another box or another user reads the MCP process, the password can be recovered.
Install
cd /path/to/mcp-sudo
uv venv --python 3.12 .venv
uv pip install --python .venv/bin/python mcp cryptography
claude mcp add sudo -s user -- \
/path/to/mcp-sudo/.venv/bin/python /path/to/mcp-sudo/server.py
On first use, call store_password once to cache credentials.
Support the project ❤
- Ko-fi: https://ko-fi.com/kamaru
Contact
- Portfolio / general: k.kamarux@gmail.com
- Commercial / licensing: contact@likezara.com
Copyright © 2026 likezara™. All rights reserved. Developed by Kamaru (pen name).
Featured
Keep your Mac awake while Claude Code and 40+ AI agents run. Sleeps when they're idle.
One time payment $9 →Integrate web data into your AI product. One API to scrape website & brand data.
Get API Key Now →Agent, run crypto. Access onchain data & trade routes via 1inch.
Install now →On Capafy, your Skill runs online 24/7 as an agent product, and you get paid every time someone uses it.
Start earning →