{"id":"pydantic-mcp-run-python","name":"mcp-run-python","homepage":null,"repo_url":"https://github.com/pydantic/mcp-run-python","category":"ai-ml","subcategories":[],"tags":["mcp","python","sandboxing","pyodide","deno","code-execution","tooling"],"what_it_does":"mcp-run-python is an MCP server that executes Python code inside a sandboxed WebAssembly environment by running Pyodide in Deno. It supports running async code, capturing stdout/stderr/return values, and provides helpers for preparing the Deno runtime/environment and for running code via an MCP stdio transport or streamable HTTP transports.","use_cases":["Running LLM-generated Python snippets in an isolated(ish) sandbox for analysis or computation","Integrating Python execution as a tool in an MCP-based agent workflow (e.g., via Pydantic AI MCPServerStdio)","Automated evaluation or data-processing tasks where user-provided code needs some isolation","Lightweight interactive execution of multiple code blocks using a persistent sandbox session"],"not_for":["Running untrusted/malicious code without strict operational safeguards and resource limits","Any workload that requires strong isolation from JavaScript/runtime-level side effects","Production deployments that need a stable, supported service (the project is archived/retired)","Exposing a network-facing execution endpoint to the public without authentication and rate limiting"],"best_when":"Used locally or in a tightly controlled environment where you can control who can submit code and you understand the sandbox limitations; best for short-lived tool calls from trusted agent clients.","avoid_when":"Avoid for public HTTP execution of untrusted code, multi-tenant SaaS execution, or situations requiring rigorous security guarantees stronger than the documented sandbox caveats (pyodide can run arbitrary JS in the same runtime).","alternatives":["pydantic/monty (mentioned by the project maintainers as a safer, lower-latency replacement for the original use case)","Run code in a true OS-level sandbox/container (e.g., Firecracker/microVM, Docker with strong restrictions) instead of a pyodide-in-deno approach","Use a hosted notebook/compute service with explicit permissions and resource controls (where appropriate)"],"af_score":59.8,"security_score":33.5,"reliability_score":31.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"high","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-03-30T13:38:22.142091+00:00","interface":{"has_rest_api":false,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"README does not describe any authentication mechanism. If using streamable-http transports in a networked setting, auth/rate limiting would need to be provided externally or by transport-layer/security measures not documented here."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":"Self-hosted open-source tooling; no vendor pricing described."},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":59.8,"security_score":33.5,"reliability_score":31.2,"mcp_server_quality":75.0,"documentation_accuracy":70.0,"error_message_quality":null,"error_message_notes":"Error handling is described at a high level (detailed error reports), but no specific error codes/payload schemas are shown in the provided content.","auth_complexity":95.0,"rate_limit_clarity":0.0,"tls_enforcement":50.0,"auth_strength":10.0,"scope_granularity":0.0,"dependency_hygiene":60.0,"secret_handling":60.0,"security_notes":"The README indicates code runs in Pyodide within Deno, with isolation from the OS, but explicitly warns that Pyodide can run arbitrary JavaScript (tainting runtime across invocations, reading/writing files accessible to the runtime, and OOM/resource exhaustion). No authentication is documented, and network safety (auth, rate limiting, timeouts) is not described, so deployment hardening is required. Dependency hygiene is unknown from the excerpt; only mcp dependency is visible in the manifest.","uptime_documented":0.0,"version_stability":35.0,"breaking_changes_history":40.0,"error_recovery":50.0,"idempotency_support":"false","idempotency_notes":"Code execution is inherently side-effectful within the sandbox; idempotency cannot be assumed.","pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Project is archived/retired; reliability and security posture may degrade over time.","Security caveat: Python running in Pyodide can execute arbitrary JavaScript in the runtime, with potential for runtime tainting and resource exhaustion if not controlled.","Dependency installation is a two-step Deno process; first-run behavior may incur latency and should be accounted for in agent timeouts.","No explicit auth/rate-limit behavior is documented; network-facing usage requires extra safeguards outside the package."]}}