The thing is - the security risk coming from inappropriate setup of privileges for correlated accounts is there all the time, no matter if you're using xp_cmdshell or not.

Not using it for routine tasks does not improve security by a tiniest bit.

Disabling xp_cmdshell is a hoax. It is impossible to actually disable it.

It is always enabled. ALWAYS.

Therefore there is no point (in terms of security) in replacing xp_cmdshell with another utility. It's only wasting time and effort.

Just make sure that Windows accounts for SQL Server and Agent have appropriate privileges within the domain: sufficient for the job they are doing and not any more.