We have a system that allows you to execute commands from customer post, call ansible api to execute commands on remote systems,
should be limited to query commands, such as
ps -ef | grep java | rm somefile
netstat -anpt | grep 1234 | pkill someprocess
whether there is a python module or other method to determine whether a command string will modify the system