{"id":"sandboxrunner-mcp-server","name":"mcp-server","homepage":null,"repo_url":"https://github.com/sandboxrunner/mcp-server","category":"infrastructure","subcategories":[],"tags":["mcp","sandbox","containerization","code-execution","runc","oci","security","multi-language"],"what_it_does":"An MCP (Model Context Protocol) server that runs user-provided code inside isolated, resource-limited sandbox environments using runc/OCI containers. It supports multiple programming languages via language-specific handlers and offers persistence for sandbox state via SQLite. It can expose MCP over stdio or HTTP/WebSocket and includes configurable security policies and audit logging.","use_cases":["Securely executing untrusted code snippets or scripts for analysis","AI-assisted coding workflows where the model needs to run/verify code safely","Polyglot “run code” tooling for LLM agents (Python/JS/Go/Rust/Java/C++/C#/Shell, etc.)","Testing or CI-like execution of multi-language programs in a controlled environment"],"not_for":["Running code that must access the public internet or sensitive internal systems without strict network/file isolation guarantees","High-trust environments where container sandboxing is unnecessary","Use cases requiring strong enterprise auth/identity integrations (not evidenced here)","Systems needing documented idempotent APIs/operations guarantees (not evidenced here)"],"best_when":"When you need an agent-accessible, multi-language execution sandbox that isolates processes via OCI containers and you can deploy on Linux with container support.","avoid_when":"When you cannot enforce/verify network, filesystem, and container escape protections beyond what is documented, or when you need first-class enterprise auth, documented rate limiting, and strong API error/retry semantics.","alternatives":["Other MCP sandbox/runner implementations (various community projects)","Dedicated job runners with container isolation (e.g., Kubernetes Jobs with restricted PodSecurity)","Serverless code execution platforms with sandboxing","Workflow engines that execute code in CI containers (e.g., GitHub Actions runners)"],"af_score":42.5,"security_score":35.0,"reliability_score":21.2,"package_type":"mcp_server","discovery_source":["github"],"priority":"low","status":"evaluated","version_evaluated":null,"last_evaluated":"2026-04-04T21:22:22.128337+00:00","interface":{"has_rest_api":true,"has_graphql":false,"has_grpc":false,"has_mcp_server":true,"mcp_server_url":null,"has_sdk":false,"sdk_languages":[],"openapi_spec_url":null,"webhooks":false},"auth":{"methods":[],"oauth":false,"scopes":false,"notes":"No authentication mechanism (API keys/OAuth/etc.) is described in the provided README content. For an HTTP/WebSocket MCP mode, authentication/authorization would be expected but is not documented here."},"pricing":{"model":null,"free_tier_exists":false,"free_tier_limits":null,"paid_tiers":[],"requires_credit_card":false,"estimated_workload_costs":null,"notes":null},"requirements":{"requires_signup":false,"requires_credit_card":false,"domain_verification":false,"data_residency":[],"compliance":[],"min_contract":null},"agent_readiness":{"af_score":42.5,"security_score":35.0,"reliability_score":21.2,"mcp_server_quality":70.0,"documentation_accuracy":55.0,"error_message_quality":0.0,"error_message_notes":null,"auth_complexity":20.0,"rate_limit_clarity":10.0,"tls_enforcement":60.0,"auth_strength":20.0,"scope_granularity":20.0,"dependency_hygiene":40.0,"secret_handling":40.0,"security_notes":"Security is primarily based on container/process isolation via runc/OCI, resource limits, configurable security policies, and audit logging (as claimed in the README). However, the provided content does not document TLS enforcement details, authentication/authorization, scope granularity, or how secrets are handled, so scores are conservative. For sandboxing, additional crucial controls (network egress restrictions, filesystem mounts, seccomp/capabilities, image patching cadence) are not described in the supplied text.","uptime_documented":0.0,"version_stability":30.0,"breaking_changes_history":20.0,"error_recovery":35.0,"idempotency_support":"false","idempotency_notes":null,"pagination_style":"none","retry_guidance_documented":false,"known_agent_gotchas":["Sandboxed execution commonly has limits (CPU/memory/disk) that may cause failures; agents should be prepared to handle execution timeouts/OOM/disk-full conditions.","When using container-based runners, agents may need to explicitly provide all dependencies/source in the request; “import/package availability” may differ from the agent’s environment.","If MCP is exposed over HTTP/WebSocket, ensure transport/auth/network isolation is configured appropriately; the README does not document auth details.","State persistence via SQLite may require cleanup/retention policies to avoid unintended cross-run state or storage growth."]}}