playbooks

home / mcp / sandbox mcp server

Sandbox MCP Server

A Model Context Protocol (MCP) server that enables LLMs to run ANY code safely in isolated Docker containers.

Installation
Add the following to your MCP client configuration file.

Configuration

View docs
{
  "mcpServers": {
    "pottekkat-sandbox-mcp": {
      "command": "/path/to/sandbox-mcp/dist/sandbox-mcp",
      "args": [
        "--stdio"
      ]
    }
  }
}

Sandbox MCP provides a secure, isolated Docker-based execution environment that lets you safely run and test code generated by language models. It protects your system from untrusted code while letting you iterate faster and produce higher-quality results.

How to use

You use Sandbox MCP with an MCP client to run code inside lightweight, isolated sandboxes. Start the local Sandbox MCP service and configure your MCP client to connect via the stdio interface. Once connected, you can execute code snippets or small scripts inside secure sandboxes such as Python, JavaScript, Go, or network-tools, and observe the results without risking your host system.

How to install

Prerequisites you need before installing are Docker installed and running, and Go 1.24 or higher if you choose to install via Go.

# Install the Sandbox MCP binary via Go
go install github.com/pottekkat/sandbox-mcp/cmd/sandbox-mcp@latest

# Verify the binary is in your PATH
which sandbox-mcp

# Initialize and pull default sandboxes
sandbox-mcp --pull

# Build the required Docker images for the sandboxes
sandbox-mcp --build

If you prefer to run from an already-built binary, download the appropriate binary for your OS and architecture from the Releases page, then run the binary with the stdio flag in your MCP client configuration.

Configuration and startup

{
  "mcpServers": {
    "sandbox-mcp": {
      "command": "/path/to/sandbox-mcp/dist/sandbox-mcp",
      "args": [
        "--stdio"
      ]
    }
  }
}

Start and connect from your MCP client

In your MCP client configuration, reference the local Sandbox MCP server using the stdio interface. This config connects your client to the local binary that runs sandboxes inside Docker containers.

Available sandboxes

Sandbox MCP offers multiple isolated environments for running code and commands. Examples include a shell sandbox for lightweight commands, a Python sandbox for safe Python execution, a Rust sandbox, network-tools for diagnostics, a Go sandbox, a JavaScript sandbox, an APISIX sandbox, and a Java sandbox. You can add your own sandboxes by placing a Dockerfile and a JSON configuration under your config directory.

Notes and considerations

Make sure Docker is installed and running before initializing or building sandboxes. You can pull the default sandboxes and build images with the commands shown above. You can customize sandboxes or add new ones by placing a Dockerfile and configuration under your configuration path.