Code Sandbox

The Code Sandbox MCP Server provides AI assistants and LLM apps with secure code execution capabilities through containerized environments.

It creates isolated execution spaces where Python and JavaScript code can run safely without compromising the host system.

Features

  • 🐍 Python Code Execution: Run Python scripts in isolated containers with full output capture.
  • 🟨 JavaScript/Node.js Support: Execute JavaScript code using Node.js runtime in secure environments.
  • 🔒 Container Isolation: Complete separation between code execution and host system using Docker/Podman.
  • 🔄 Environment Variables: Pass through API keys and secrets securely to containerized code.
  • 🎨 Custom Container Images: Use your own container images with specific dependencies and configurations.
  • 📤 Output Streaming: Capture both standard output and error streams from executed code.
  • 🧹 Automatic Cleanup: Containers are automatically stopped and removed after execution.

Installation

1. Install the MCP server directly from the GitHub repository:

pip install git+https://github.com/philschmid/code-sandbox-mcp.git

2. Add the server to your MCP client configuration file. The server launches on-demand when needed:

{
  "mcpServers": {
    "code-sandbox": {
      "command": "code-sandbox-mcp"
    }
  }
}

3. Pass sensitive information like API keys to your containerized code:

{
  "mcpServers": {
    "code-sandbox": {
      "command": "code-sandbox-mcp",
      "args": ["--pass-through-env", "API_KEY,SECRET_TOKEN"],
      "env": {
        "API_KEY": "1234567890",
        "SECRET_TOKEN": "1234567890"
      }
    }
  }
}

4. Configure custom images for specific use cases:

{
  "mcpServers": {
    "code-sandbox": {
      "command": "code-sandbox-mcp",
      "env": {
        "CONTAINER_IMAGE": "your-custom-image",
        "CONTAINER_LANGUAGE": "python"
      }
    }
  }
}
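The four configurations above only tell the client how to start the server; what matters for security is what the server does with them when it launches a container. The following Python launcher is an added example (my code, not code-sandbox-mcp's own implementation, whose internals are not shown on this page) of one defensible way to honour those settings: it auto-detects docker or podman, forwards only the variables named in --pass-through-env, lets CONTAINER_IMAGE override a per-language default, and removes the container afterwards. The default image names, the function names, and every run flag other than --rm, -i, -e and the image are my assumptions; the extra flags (no network, read-only root, memory and PID limits, dropped capabilities) are hardening choices the README does not promise.

```python
# Added example, not part of code-sandbox-mcp: a least-privilege launcher that
# mirrors the README's --pass-through-env, CONTAINER_IMAGE and
# CONTAINER_LANGUAGE settings. Function names, default images and the hardening
# flags are assumptions of this example.
from __future__ import annotations

import os
import shutil
import subprocess
import uuid
from typing import Mapping, Sequence

# Assumed defaults; the real project ships its own images under containers/.
DEFAULT_IMAGES = {"python": "python:3.12-slim", "javascript": "node:20-slim"}
# Each interpreter reads the program from stdin, so the submitted code never
# appears in the container's command line or in `ps` output on the host.
INTERPRETERS = {"python": ["python", "-"], "javascript": ["node", "-"]}


def detect_runtime(candidates: Sequence[str] = ("docker", "podman")) -> str:
    """Return the first OCI runtime binary found on PATH."""
    for name in candidates:
        if shutil.which(name):
            return name
    raise RuntimeError("no container runtime found on PATH")


def parse_pass_through(spec: str) -> list[str]:
    """Parse the comma-separated --pass-through-env value, e.g. 'API_KEY,SECRET_TOKEN'."""
    return [name.strip() for name in spec.split(",") if name.strip()]


def select_env(environ: Mapping[str, str], allowlist: Sequence[str]) -> dict[str, str]:
    """Forward only allowlisted variables that are actually set; everything
    else in the host environment stays on the host."""
    return {k: environ[k] for k in allowlist if k in environ}


def build_run_command(runtime: str, language: str, environ: Mapping[str, str],
                      pass_through: Sequence[str] = (), image: str | None = None,
                      name: str | None = None, memory: str = "256m",
                      pids: int = 128) -> list[str]:
    """Assemble argv for one ephemeral, network-less, read-only container."""
    if language not in INTERPRETERS:
        raise ValueError(f"unsupported language: {language}")
    # CONTAINER_IMAGE in the server's own environment overrides the default,
    # matching the README's custom-image configuration.
    image = image or environ.get("CONTAINER_IMAGE") or DEFAULT_IMAGES[language]
    argv = [
        runtime, "run",
        "--rm",                                  # automatic cleanup on exit
        "-i",                                    # stdin attached for the code
        "--network", "none",                     # hardening: no network egress
        "--read-only",                           # hardening: immutable rootfs
        "--tmpfs", "/tmp",                       # scratch space off the host
        "--memory", memory,
        "--pids-limit", str(pids),               # bounds fork bombs
        "--cap-drop", "ALL",
        "--security-opt", "no-new-privileges",
    ]
    if name:
        argv += ["--name", name]
    for key, value in select_env(environ, pass_through).items():
        argv += ["-e", f"{key}={value}"]
    return argv + [image] + INTERPRETERS[language]


def run_sandboxed(code: str, language: str, pass_through: Sequence[str] = (),
                  timeout: float = 30.0) -> tuple[int, str, str]:
    """Run `code` in a fresh container; return (exit_code, stdout, stderr).
    The timeout is a launcher-side safeguard the README does not provide."""
    runtime = detect_runtime()
    name = f"sandbox-{uuid.uuid4().hex[:12]}"
    argv = build_run_command(runtime, language, os.environ, pass_through, name=name)
    try:
        proc = subprocess.run(argv, input=code, capture_output=True, text=True,
                              timeout=timeout)
    except subprocess.TimeoutExpired:
        # Killing the CLI does not stop the container; remove it by name.
        subprocess.run([runtime, "rm", "-f", name], capture_output=True)
        return 124, "", f"execution exceeded {timeout}s and was stopped"
    return proc.returncode, proc.stdout, proc.stderr


if __name__ == "__main__":
    print(run_sandboxed("print('hello from the sandbox')", "python", ["API_KEY"]))
```

Two details are worth noting. The allowlist is applied against the server's environment at launch time, so a variable that is named in --pass-through-env but not set is simply absent in the container rather than forwarded as an empty string. And because subprocess timeouts only kill the docker/podman client, the container is removed explicitly by name; without that step a runaway script would keep consuming host resources after the tool call had already returned.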

Available Tools

run_python_code

  • Executes Python code in an isolated container.
  • Parameters: code (string, required) – The Python code to execute.

run_js_code

  • Executes JavaScript/Node.js code in an isolated container.
  • Parameters: code (string, required) – The JavaScript code to execute.

Building Custom Images

Create specialized containers for your specific needs:

docker build -t your-account/code-sandbox-python:latest -f containers/Dockerfile.python .
docker build -t your-account/code-sandbox-js:latest -f containers/Dockerfile.nodejs .

FAQs

Q: What container runtimes are supported?
A: The server works with Docker, Podman, and other OCI-compatible container runtimes. It automatically detects the available runtime on your system.

Q: Can I install additional Python packages in the execution environment?
A: Yes, create a custom container image with your required packages installed, then configure the server to use your custom image via the CONTAINER_IMAGE environment variable.

Q: How long do containers run for?
A: Containers are ephemeral. They start when code needs to execute, run the code, capture output, then stop and get removed automatically. Each execution gets a fresh container.

Q: Is there a timeout for code execution?
A: The execution time depends on your container runtime configuration. Long-running processes will continue until completion or until the container runtime enforces its own limits.

Q: Can I access files from the host system in my code?
A: No, containers run in complete isolation. You can only pass data through environment variables or include it directly in your code string. This isolation is intentional for security.

Q: What happens if my code has an error?
A: Both stdout and stderr streams are captured and returned. Your code errors will be visible in the response, but they won’t crash the server or affect the host system.

Q: Can multiple code executions run simultaneously?
A: Each execution creates its own container, so multiple executions can run concurrently without interfering with each other.


FAQs

Q: What exactly is the Model Context Protocol (MCP)?

A: MCP is an open standard, like a common language, that lets AI applications (clients) and external data sources or tools (servers) talk to each other. It helps AI models get the context (data, instructions, tools) they need from outside systems to give more accurate and relevant responses. Think of it as a universal adapter for AI connections.

Q: How is MCP different from OpenAI's function calling or plugins?

A: While OpenAI's tools allow models to use specific external functions, MCP is a broader, open standard. It covers not just tool use, but also providing structured data (Resources) and instruction templates (Prompts) as context. Being an open standard means it's not tied to one company's models or platform. OpenAI has even started adopting MCP in its Agents SDK.

Q: Can I use MCP with frameworks like LangChain?

A: Yes, MCP is designed to complement frameworks like LangChain or LlamaIndex. Instead of relying solely on custom connectors within these frameworks, you can use MCP as a standardized bridge to connect to various tools and data sources. There's potential for interoperability, like converting MCP tools into LangChain tools.

Q: Why was MCP created? What problem does it solve?

A: It was created because large language models often lack real-time information and connecting them to external data/tools required custom, complex integrations for each pair. MCP solves this by providing a standard way to connect, reducing development time, complexity, and cost, and enabling better interoperability between different AI models and tools.

Q: Is MCP secure? What are the main risks?

A: Security is a major consideration. While MCP includes principles like user consent and control, risks exist. These include potential server compromises leading to token theft, indirect prompt injection attacks, excessive permissions, context data leakage, session hijacking, and vulnerabilities in server implementations. Implementing robust security measures like OAuth 2.1, TLS, strict permissions, and monitoring is crucial.

Q: Who is behind MCP?

A: MCP was initially developed and open-sourced by Anthropic. However, it's an open standard with active contributions from the community, including companies like Microsoft and VMware Tanzu who maintain official SDKs.
