Safe Local Python Executor

A secure MCP server for local Python code execution by LLMs.

38 stars, 8 forks, 38 watchers, 1 open issue
Safe Local Python Executor provides a Model Context Protocol (MCP) server that securely exposes a local Python code execution environment for AI models and clients. Leveraging Hugging Face's LocalPythonExecutor from smolagents, it limits available imports and blocks file I/O for increased safety, all without requiring Docker or virtual machines. The tool can be integrated with MCP-compatible applications such as Claude Desktop, offering a safe and convenient code interpreter option.

Key Features

Provides MCP (Model Context Protocol) server over stdio transport
Secure execution of Python code generated by LLMs
Restricts file I/O operations
Limited and controlled imports
Runs in a Python virtual environment with 'uv'
No requirement for Docker or VM
Exposes a 'run_python' tool
Easy integration into MCP-compatible clients (e.g. Claude Desktop)
Automatic dependency management
Utilizes Hugging Face's LocalPythonExecutor for safer execution

Use Cases

Adding a secure code interpreter to LLM-powered desktop applications
Providing an isolated environment for code generation and execution
Enabling users to execute Python code with reduced security risks
Integrating with Claude Desktop to supplement its capabilities
Allowing rapid local evaluation of LLM-generated Python code
Facilitating safe plug-and-play code execution for prototyping
Supporting development of tools that need controlled Python runtimes
Offering alternatives to Docker or remote code execution services
Improving LLM tool safety in end-user applications
Simplifying MCP server setup for code interpretation tasks

README

Safe Local Python Executor

An MCP server (stdio transport) that wraps Hugging Face's LocalPythonExecutor (from the smolagents framework). LocalPythonExecutor is a custom Python runtime that provides basic isolation/security when running Python code generated by LLMs locally. It does not require Docker or a VM. This package exposes that Python executor via MCP (Model Context Protocol) as a tool for LLM apps like Claude Desktop, Cursor or any other MCP-compatible client. In the case of Claude Desktop this tool is an easy way to add the missing Code Interpreter (available as a plugin in ChatGPT for quite a while already).

Features

  • Exposes run_python tool
  • Safer execution of Python code compared to direct use of Python's eval()
  • Run via uv in a Python venv
  • No file I/O ops are allowed
  • Restricted list of imports
    • collections
    • datetime
    • itertools
    • math
    • queue
    • random
    • re
    • stat
    • statistics
    • time
    • unicodedata

Security

Be careful with executing code produced by an LLM on your machine; stay away from MCP servers that run Python via the command line or using eval(). The safest option is a VM or a Docker container, though that takes some effort to set up and consumes resources / runs slower. There are 3rd-party services providing a Python runtime, though they require registration, API keys, etc.

LocalPythonExecutor provides a good balance between direct use of the local Python environment (which is easier to set up) AND remote execution in a Docker container, a VM or a 3rd-party service (which is safe). The Hugging Face team has invested time into creating a quick and safe option to run LLM-generated code used by their code agents. This MCP server builds upon it:

To add a first layer of security, code execution in smolagents is not performed by the vanilla Python interpreter. We have re-built a more secure LocalPythonExecutor from the ground up.

Read more here.
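To make the two controls listed above (an import allowlist and no file I/O) concrete, here is an added illustration. It is not the project's code and not smolagents' LocalPythonExecutor: the real executor walks the AST and interprets each node itself, whereas this toy only pre-screens the AST and then runs the code with a reduced builtins table. The allowlist is copied from the README's restricted import list; the blocked-builtins set, the function names and the sample inputs are this example's own assumptions.

```python
# Added illustration, not the project's code and not smolagents' LocalPythonExecutor.
# Two layers: a static AST screen (layer 1), then execution with a reduced
# builtins table and an allowlisting __import__ (layer 2).
import ast
import builtins
import contextlib
import io

# The README's "Restricted list of imports".
AUTHORIZED_IMPORTS = {
    "collections", "datetime", "itertools", "math", "queue", "random",
    "re", "stat", "statistics", "time", "unicodedata",
}

# Assumed set: builtins that reach files, the interpreter or object internals.
BLOCKED_BUILTINS = {
    "open", "exec", "eval", "compile", "__import__", "input", "breakpoint",
    "globals", "locals", "vars", "getattr", "setattr", "delattr",
}


class UnsafeCode(Exception):
    """Raised when submitted code violates the policy."""


def check_code(code: str) -> ast.Module:
    """Layer 1: parse and reject disallowed imports, blocked calls and dunder access."""
    tree = ast.parse(code)
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            for alias in node.names:
                if alias.name.split(".")[0] not in AUTHORIZED_IMPORTS:
                    raise UnsafeCode(f"import of '{alias.name}' is not authorized")
        elif isinstance(node, ast.ImportFrom):
            if (node.module or "").split(".")[0] not in AUTHORIZED_IMPORTS:
                raise UnsafeCode(f"import from '{node.module}' is not authorized")
        elif isinstance(node, ast.Call) and isinstance(node.func, ast.Name):
            if node.func.id in BLOCKED_BUILTINS:
                raise UnsafeCode(f"call to '{node.func.id}' is blocked")
        elif isinstance(node, ast.Attribute) and node.attr.startswith("__"):
            # Dunder attributes expose interpreter internals; keep them off limits.
            raise UnsafeCode(f"access to '{node.attr}' is blocked")
    return tree


def restricted_import(name, globals=None, locals=None, fromlist=(), level=0):
    """Replacement for __import__ that enforces the allowlist at run time."""
    if name.split(".")[0] not in AUTHORIZED_IMPORTS:
        raise UnsafeCode(f"import of '{name}' is not authorized")
    return builtins.__import__(name, globals, locals, fromlist, level)


def safe_builtins() -> dict:
    """Layer 2: a builtins table with the blocked names removed."""
    table = {name: getattr(builtins, name) for name in dir(builtins)
             if name not in BLOCKED_BUILTINS}
    table["__import__"] = restricted_import
    return table


def run_python(code: str) -> tuple[bool, str]:
    """Screen, then execute with restricted builtins; return (ok, output_or_error)."""
    try:
        check_code(code)
        env = {"__builtins__": safe_builtins()}
        out = io.StringIO()
        with contextlib.redirect_stdout(out):
            exec(compile(code, "<llm_code>", "exec"), env)
        return True, out.getvalue()
    except UnsafeCode as exc:
        return False, f"blocked: {exc}"
    except Exception as exc:  # errors raised by the submitted code itself
        return False, f"error: {type(exc).__name__}: {exc}"


if __name__ == "__main__":
    # Constructed sample inputs: the README's factorial prompt plus three policy probes.
    for sample in (
        "import math\nprint(math.factorial(5))",
        "import os\nprint(os.listdir('.'))",
        "open('notes.txt', 'w').write('hi')",
        "f = open\nf('notes.txt')",  # passes the static screen, stopped at run time
    ):
        print(run_python(sample))
```

The last sample is the reason for the second layer: aliasing a name defeats a purely static check, so the builtins the code actually runs against must not contain the dangerous names either. This toy applies no CPU, memory or time limits, which is part of why the README still calls a VM or container the safest option.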

Installation and Execution

Installing via Smithery

To install Safe Local Python Executor for Claude Desktop automatically via Smithery:

npx -y @smithery/cli install @maxim-saplin/mcp_safe_local_python_executor --client claude

Installing Manually

  1. Install uv (e.g. brew install uv on macOS, or follow the official docs)
  2. Clone the repo and change into its directory: cd mcp_safe_local_python_executor
  3. Start the server from the command line with uv run mcp_server.py; the venv is created automatically and the dependencies (smolagents, mcp) are installed

Configuring Claude Desktop

  1. Make sure you have Claude for Desktop installed (download from claude.ai)

  2. Edit your Claude for Desktop configuration file:

    • macOS: ~/Library/Application Support/Claude/claude_desktop_config.json
    • Windows: %APPDATA%\Claude\claude_desktop_config.json
    • Or open Claude Desktop -> Settings -> Developer -> click "Edit Config" button
  3. Add the following configuration:

{
    "mcpServers": {
        "safe-local-python-executor": {
            "command": "uv",
            "args": [
                "--directory", 
                "/path/to/mcp_local_python_executor/",
                "run",
                "mcp_server.py"
            ]
        }
    }
}
  4. Restart Claude for Desktop
  5. The Python executor tool will now be available in Claude (you'll see a hammer icon in the message input field)

Example Prompts

Once configured, you can use prompts like:

  • "Calculate the factorial of 5 using Python"
  • "Create a list of prime numbers up to 100"
  • "Solve this equation (use Python): x^2 + 5x + 6 = 0"

Development

Clone the repo. Use uv to create the venv and install the dev dependencies, then run the tests:

uv venv .venv
uv sync --group dev
python -m pytest tests/

Repository Details

Language: Python
Default Branch: main
Size: 162 KB
Contributors: 3
License: MIT License
MCP Verified: Nov 11, 2025

Programming Languages

Python: 93.01%
Dockerfile: 6.99%
