mcp-run-python
mcp-run-python is an MCP server that executes Python code inside a sandboxed WebAssembly environment by running Pyodide in Deno. It supports running async code, capturing stdout/stderr/return values, and provides helpers for preparing the Deno runtime/environment and for running code via an MCP stdio transport or streamable HTTP transports.
Score Breakdown
⚙ Agent Friendliness
🔒 Security
The README indicates code runs in Pyodide within Deno, with isolation from the OS, but explicitly warns that Pyodide can run arbitrary JavaScript (tainting runtime across invocations, reading/writing files accessible to the runtime, and OOM/resource exhaustion). No authentication is documented, and network safety (auth, rate limiting, timeouts) is not described, so deployment hardening is required. Dependency hygiene is unknown from the excerpt; only mcp dependency is visible in the manifest.
⚡ Reliability
Best When
Used locally or in a tightly controlled environment where you can control who can submit code and you understand the sandbox limitations; best for short-lived tool calls from trusted agent clients.
Avoid When
Avoid for public HTTP execution of untrusted code, multi-tenant SaaS execution, or situations requiring rigorous security guarantees stronger than the documented sandbox caveats (pyodide can run arbitrary JS in the same runtime).
Use Cases
- • Running LLM-generated Python snippets in an isolated(ish) sandbox for analysis or computation
- • Integrating Python execution as a tool in an MCP-based agent workflow (e.g., via Pydantic AI MCPServerStdio)
- • Automated evaluation or data-processing tasks where user-provided code needs some isolation
- • Lightweight interactive execution of multiple code blocks using a persistent sandbox session
Not For
- • Running untrusted/malicious code without strict operational safeguards and resource limits
- • Any workload that requires strong isolation from JavaScript/runtime-level side effects
- • Production deployments that need a stable, supported service (the project is archived/retired)
- • Exposing a network-facing execution endpoint to the public without authentication and rate limiting
Interface
Authentication
README does not describe any authentication mechanism. If using streamable-http transports in a networked setting, auth/rate limiting would need to be provided externally or by transport-layer/security measures not documented here.
Pricing
Self-hosted open-source tooling; no vendor pricing described.
Agent Metadata
Known Gotchas
- ⚠ Project is archived/retired; reliability and security posture may degrade over time.
- ⚠ Security caveat: Python running in Pyodide can execute arbitrary JavaScript in the runtime, with potential for runtime tainting and resource exhaustion if not controlled.
- ⚠ Dependency installation is a two-step Deno process; first-run behavior may incur latency and should be accounted for in agent timeouts.
- ⚠ No explicit auth/rate-limit behavior is documented; network-facing usage requires extra safeguards outside the package.
Alternatives
Full Evaluation Report
Comprehensive deep-dive: security analysis, reliability audit, agent experience review, cost modeling, competitive positioning, and improvement roadmap for mcp-run-python.
AI-powered analysis · PDF + markdown · Delivered within 30 minutes
Package Brief
Quick verdict, integration guide, cost projections, gotchas with workarounds, and alternatives comparison.
Delivered within 10 minutes
Score Monitoring
Get alerted when this package's AF, security, or reliability scores change significantly. Stay ahead of regressions.
Continuous monitoring
Scores are editorial opinions as of 2026-03-30.