Skip to main content
Glama
philipp-eisen

Modal MCP Toolbox

by philipp-eisen
OverviewSchemaRelated ServersScoreDiscussions
Python
Hybrid

run_python_code_in_sandbox

Execute Python code in a secure sandbox environment, manage dependencies, and retrieve outputs safely using the Modal MCP Toolbox. Ideal for isolated testing and script execution.

Instructions

Runs python code in a safe environment and returns the output.

Usage:
   run_python_code_in_sandbox("print('Hello, world!')")
   run_python_code_in_sandbox("import requests

print(requests.get('https://icanhazip.com').text)", requirements=["requests"])

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
codeYesThe python code to run.
mount_directoryNoAllows you to make a local directory available at `/mounted-dir` for the code in `code`. Needs to be an absolute path. Writes to this directory will NOT be reflected in the local directory.
pull_filesNoList of tuples (absolut_path_sandbox_file, absolute_path_local_file). When provided downloads the file(s) from the sandbox to the local file(s).
python_versionNoThe python version to use. If not provided defaults to 3.133.13
requirementsNoThe requirements to install.

Implementation Reference

  • src/modal_mcp_toolbox/code.py:10-75 (handler)
    The handler function that executes Python code in a Modal sandbox environment. It handles code execution, requirement installation, directory mounting, file pulling, error handling, and returns the output as TextContent.
    async def run_python_code_in_sandbox(
    code: Annotated[str, Field(description="The python code to run.")],
    requirements: Annotated[list[str] | None, Field(description="The requirements to install.")] = None,
    python_version: Annotated[str, Field(description="The python version to use. If not provided defaults to 3.13")] = "3.13",
    mount_directory: Annotated[
        str | None,
        Field(
            description="Allows you to make a local directory available at `/mounted-dir` for the code in `code`. Needs to be an absolute path. "
            "Writes to this directory will NOT be reflected in the local directory."
        ),
    ] = None,
    pull_files: Annotated[
        list[tuple[str, str]] | None,
        Field(
            description="List of tuples (absolut_path_sandbox_file, absolute_path_local_file). "
            "When provided downloads the file(s) from the sandbox to the local file(s)."
        ),
    ] = None,
) -> TextContent:
    """
    Runs python code in a safe environment and returns the output.

    Usage:
       run_python_code_in_sandbox("print('Hello, world!')")
       run_python_code_in_sandbox("import requests\nprint(requests.get('https://icanhazip.com').text)", requirements=["requests"])
    """

    app = modal.App.lookup("mcp-toolbox--code", create_if_missing=True)
    image = modal.Image.debian_slim(python_version=python_version).pip_install(requirements or [])

    mounts: list[modal.Mount] = []
    if mount_directory:
        mounts.append(modal.Mount.from_local_dir(mount_directory, remote_path="/mounted-dir"))

    sb = modal.Sandbox.create(image=image, app=app, mounts=mounts)
    try:
        exc = sb.exec("python", "-c", code)
        exc.wait()
        if exc.returncode != 0:
            stderr = exc.stderr.read()
            raise McpError(
                ErrorData(
                    code=INVALID_PARAMS,
                    message=f"Error running code:\n{stderr}",
                )
            )

        if pull_files:
            for remote_file, local_file in pull_files:
                if not Path(local_file).parent.exists():
                    Path(local_file).parent.mkdir(parents=True, exist_ok=True)

                if Path(local_file).exists():
                    raise McpError(
                        ErrorData(
                            code=INVALID_PARAMS,
                            message=f"File {local_file} already exists.",
                        )
                    )
                with sb.open(remote_file, "rb") as f:
                    with open(local_file, "wb") as f2:
                        f2.write(f.read())
        return TextContent(type="text", text=exc.stdout.read(), annotations=Annotations(audience=["user", "assistant"], priority=0.5))

    finally:
        sb.terminate()
  • src/modal_mcp_toolbox/__init__.py:7-12 (registration)
    Imports and registers the run_python_code_in_sandbox tool with the FastMCP server.
    from modal_mcp_toolbox.code import run_python_code_in_sandbox
from modal_mcp_toolbox.flux import generate_flux_image

server = FastMCP("modal-toolbox")

server.add_tool(run_python_code_in_sandbox)
  • src/modal_mcp_toolbox/code.py:10-28 (schema)
    Pydantic Field annotations defining the input schema and descriptions for the tool parameters.
    async def run_python_code_in_sandbox(
    code: Annotated[str, Field(description="The python code to run.")],
    requirements: Annotated[list[str] | None, Field(description="The requirements to install.")] = None,
    python_version: Annotated[str, Field(description="The python version to use. If not provided defaults to 3.13")] = "3.13",
    mount_directory: Annotated[
        str | None,
        Field(
            description="Allows you to make a local directory available at `/mounted-dir` for the code in `code`. Needs to be an absolute path. "
            "Writes to this directory will NOT be reflected in the local directory."
        ),
    ] = None,
    pull_files: Annotated[
        list[tuple[str, str]] | None,
        Field(
            description="List of tuples (absolut_path_sandbox_file, absolute_path_local_file). "
            "When provided downloads the file(s) from the sandbox to the local file(s)."
        ),
    ] = None,
) -> TextContent:

Tool Definition Quality

B3.1/5.0
Behavior2/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It mentions 'safe environment' and shows examples, but lacks details on constraints like time limits, memory limits, allowed libraries, network access, or error handling. For a tool that executes arbitrary code, this is a significant gap in transparency about its operational boundaries and safety mechanisms.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness4/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded: it starts with a clear purpose statement, followed by usage examples. The examples are relevant and illustrate key parameters. However, the second example is split across lines, which slightly affects readability but doesn't significantly impact conciseness. Overall, it's efficient with minimal waste.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness2/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of executing arbitrary code in a sandbox, the lack of annotations, and no output schema, the description is incomplete. It doesn't explain what 'safe environment' entails, potential risks, return formats, or error conditions. For a tool with 5 parameters and significant behavioral implications, more context is needed to guide an AI agent effectively.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters3/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, so the baseline is 3. The description doesn't add any parameter semantics beyond what the schema provides; it only shows usage examples with 'code' and 'requirements' parameters. No additional context or clarification is given for parameters like 'mount_directory' or 'pull_files', which have detailed schema descriptions.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose4/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Runs python code in a safe environment and returns the output.' It specifies the verb ('runs'), resource ('python code'), and key constraint ('safe environment'). However, it doesn't differentiate from the only sibling tool 'generate_flux_image', which is unrelated to code execution, so it doesn't need sibling differentiation but also doesn't explicitly contrast with potential alternatives.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines3/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides usage examples that imply when to use this tool (for executing Python code in a sandboxed environment), but it doesn't explicitly state when to use it versus alternatives or when not to use it. The examples show basic and network-related code, suggesting general-purpose use, but no explicit guidance on context or exclusions is given.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

Install Server

Other Tools

Related Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/philipp-eisen/modal-mcp-toolbox'

If you have feedback or need assistance with the MCP directory API, please join our Discord server