The thing is - the security risk coming from inappropriate setup of privileges for correlated accounts is there all the time, no matter if you're using xp_cmdshell or not.
Not using it for routine tasks does not improve security by a tiniest bit.
Disabling xp_cmdshell is a hoax. It is impossible to actually disable it.
It is always enabled. ALWAYS.
Therefore there is no point (in terms of security) in replacing xp_cmdshell with another utility. It's only wasting time and effort.
Just make sure that Windows accounts for SQL Server and Agent have appropriate privileges within the domain: sufficient for the job they are doing and not any more.
_____________
Code for TallyGenerator