"A Dockerized Python Code Execution Environment" matching MCP tools:

• ateam_redeploy

  ateam-mcp

  Re-deploy skills WITHOUT changing any definitions. ⚠️ HEAVY OPERATION: regenerates MCP servers (Python code) for every skill, pushes each to A-Team Core, restarts connectors, and verifies tool discovery. Takes 30-120s depending on skill count. Use after connector restarts, Core hiccups, or stale state. For incremental changes, prefer ateam_patch (which updates + redeploys in one step).

  Connector

• check_injection

  ContrastAPI

  Scan source code for injection vulnerabilities: SQL injection, command injection, path traversal via unsafe string concatenation/unsanitized input. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect input-handling bugs; for secrets use check_secrets. Companion code-security tools: check_secrets (hard-coded credential detection), check_dependencies (known-CVE vulnerability audit), check_headers (live HTTP security-header validation), scan_headers (live HTTP scan via domain). Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored.

  Connector

• get_strategy_code

  quantifyme

  Get the actual Python code behind a community leaderboard strategy. Use after `browse_community`: pass an entry's `id` here to read its real `feature_engineering()` + `strategy_config()` source so the user can inspect or tweak it. To deploy it unchanged, pass the same id to `one_shot` as `community_id`. Read-only, no signup needed. Args: community_id: The `id` of a community entry (from `browse_community`). Returns: dict with: id, title, username, description, symbol, timeframe, metrics {total_ret, win_rate, profit_factor, n_trades, mdd, sharpe_strat}, and `code` (the full Python source). SHOW the code to the user, and offer to deploy it via one_shot(community_id=...) or tweak it first.

  Connector

• get_skill

  civilquants

  Paid tier only. Fetch a senior-QS skill methodology by slug (see list_skills) and APPLY it to the user's documents — the returned body is the system instruction for you to run the methodology on the customer's tokens; CivilQuants does not run inference. Paid callers get the full methodology; anonymous/free callers get a TIER_INSUFFICIENT upsell body; a rejected token gets an INVALID_TOKEN re-authenticate body. The document-heavy skills assume you can chunk/parse the customer's files and render a Word pack locally — that needs a code-execution client (Claude Code / Codex / VS Code) and the pack from get_document_pipeline; on a chat connector you can still read and reason with the methodology. Sign up at https://civilquants.com/pricing. Example: get_skill(skill="tender_risk_assessment").

  Connector

• get_template

  Gitignore

  Fetch the raw .gitignore content for the named template (case-sensitive, e.g. "Node", "Python", "macOS").

  Connector

• generate_wallet

  Solentic

  Returns runnable code that creates a Solana keypair. Solentic cannot generate the keypair for you and never sees the private key — generation must happen wherever you run code (the agent process, a code-interpreter tool, a Python/Node sandbox, the user's shell). The response includes the snippet ready to execute. After running it, fund the resulting publicKey and call the `stake` tool with {walletAddress, secretKey, amountSol} to stake in one call.

  Connector

• get_byos_config

  Uploadkit

  Generate Bring-Your-Own-Storage (BYOS) configuration for an UploadKit Next.js handler — environment variables, handler code, and setup notes for a specific storage provider. When to use: the user wants to store uploads in their own cloud bucket instead of UploadKit's managed R2. Typical triggers: compliance/data-residency requirements, existing bucket infra, desire to avoid vendor lock-in. Returns: a plain-text string with three sections — provider-specific notes, the .env variable block, and the TypeScript handler code. Credentials are always server-side; the browser never sees them. Read-only, deterministic. No network calls, no secrets exposed.

  Connector

• scan_skill

  SecurityScan

  Scan a GitHub repository or skill URL for security vulnerabilities. This tool performs static analysis and AI-powered detection to identify: - Hardcoded credentials and API keys - Remote code execution patterns - Data exfiltration attempts - Privilege escalation risks - OWASP LLM Top 10 vulnerabilities Requires a valid X-API-Key header. Cached results (24h) do not consume credits. Args: skill_url: GitHub repository URL (e.g., https://github.com/owner/repo) or raw file URL to scan Returns: ScanResult with security score (0-100), recommendation, and detected issues. Score >= 80 is SAFE, 50-79 is CAUTION, < 50 is DANGEROUS. Example: scan_skill("https://github.com/anthropics/anthropic-sdk-python")

  Connector

• find_examples

  Senzing

  Find working SOURCE CODE examples from 37 indexed Senzing GitHub repositories. REQUIRED: either `query` (string, for search) or `repo` with `file_path` or `list_files=true` — the call WILL FAIL without one. Three modes: (1) Search: pass `query` to find examples across all repos, (2) File listing: pass `repo` + `list_files=true`, (3) File retrieval: pass `repo` + `file_path`. Indexes source code (.py, .java, .cs, .rs) and READMEs — NOT build/data files. For sample data, use get_sample_data. Covers Python, Java, C#, Rust SDK patterns: initialization, ingestion, search, redo, configuration, message queues, REST APIs. Use max_lines to limit large files. Returns GitHub raw URLs for file retrieval.

  Connector

• woet_classifier

  cpp-cpm-engine

  Worked-vs-On-time Execution Timeline (WOET) per-activity day-by-day classification of as-built execution against baseline. For each pairable activity (matched by ``task_code``), classifies execution into 4 day-states: - PROGRESS: work performed during the baseline-planned window - GAIN: work performed BEFORE the baseline window opened - EXTENDED: work performed AFTER the baseline window closed - VOID: baseline-window day where activity was NOT active This is a CPP-disclosed enhancement layered on top of AACE 29R-03 §3.3 Windows Analysis — a per-day execution classifier (Progress/Gain/Extended/Void) NOT itself AACE-defined. It is not a substitute for fragnet-based AACE 29R-03 §3.7 (TIA) modeling. It gives the trier-of-fact a calendar picture of how the project executed versus how it was supposed to execute, which is otherwise buried in finish-date deltas. Use this tool when you want a per-activity execution-quality picture (on-time %, count of activities with VOID days, etc.). Args: baseline_xer_path: server-side path to baseline XER (target dates). actual_xer_path: server-side path to as-built XER (act dates). baseline_xer_content: full text of baseline XER (alternative). actual_xer_content: full text of as-built XER (alternative). Supply EXACTLY ONE of path/content per pair. today: optional ISO date (YYYY-MM-DD) reference for in-progress activities. Defaults to actual XER's last_recalc_date if available, else today's date. Returns: { "method": "WOET", "standard": "AACE 29R-03 §3.3 Windows Analysis — per-day execution classification overlay (CPP-disclosed enhancement, not AACE-defined)", "today": "YYYY-MM-DD", "project_totals": {progress, gain, extended, void}, "per_activity": [{code, name, baseline_start, ...}, ...], "on_time_pct": float (0-100) }

  Connector

• tool_compute_sandbox

  agent-vending-factory

  POST /tools/tool_compute_sandbox/run — Executes Python 3.12 code in an isolated subprocess with a 5-second hard timeout. Input: {python_code: string, input_data: any (optional, bound as variable 'input_data')}. Output: {success, result, stdout (capped 50KB), execution_time_ms, error_type}. Return value: assign to 'result' variable. Pre-loaded: math, json, re, statistics, itertools, functools, collections, decimal, datetime, random, hashlib, base64. Blocked: import, open(), eval(), exec(), os, sys, network, class definitions, dunder attributes. error_type values: syntax_error | security_error | runtime_error | timeout_error. Cost: $0.1500 USDC per call.

  Connector

• get_document_pipeline

  civilquants

  Obtain the CivilQuants customer-side document pipeline — the toolkit the document-heavy skills (tender review, geotechnical / geo-environmental interpretation) use to chunk a tender pack and render a Word pack on the user's machine. Returns the self-unpacking chunking package, the pipeline discipline, and the python-docx render helpers. Universal (free + paid). NOTE: running the pipeline over real documents requires a code-execution client (Claude Code / Codex / VS Code) — a chat connector can read the toolkit but cannot execute it. The full kit is large (~60 KB); pass component='chunking'|'discipline'|'render' for one part (~20 KB each), or omit it for the whole kit.

  Connector

• generate_wallet

  Blueprint Agentic Staking (Solentic)

  Returns runnable code that creates a Solana keypair. Solentic cannot generate the keypair for you and never sees the private key — generation must happen wherever you run code (the agent process, a code-interpreter tool, a Python/Node sandbox, the user's shell). The response includes the snippet ready to execute. After running it, fund the resulting publicKey and call the `stake` tool with {walletAddress, secretKey, amountSol} to stake in one call.

  Connector

• set-env

  mcp

  Set an environment variable for a project. Variables are encrypted at rest (AES-256-GCM) and injected at container runtime. NOTE: DATABASE_URL, PGHOST, PGPORT, PGUSER, PGPASSWORD, and PGDATABASE are all auto-injected for the managed PostgreSQL database — you do NOT need to set any of them manually. The PORT variable is auto-managed: 8080 for auto-detected frameworks (Next.js, Node.js, Python), or auto-detected from the Dockerfile EXPOSE directive for custom Dockerfile builds. IMPORTANT: Changing env vars does NOT auto-redeploy. You must call deploy or use the redeploy API endpoint to apply changes. For Next.js apps, NEXT_PUBLIC_* variables must be set BEFORE deploying since they are embedded at build time.

  Connector

• x711_code_sandbox

  x711 — Universal Agent Gas Station

  Execute JavaScript or Python code in an isolated sandbox. Use for: data processing, math, CSV parsing, JSON transformation, crypto calculations, algorithm testing. Secure — no filesystem access, no network. Returns: { output: string, runtime_ms: number, language: string }. Requires API key.

  Connector

• list_skills

  civilquants

  List the 10 senior-QS skill methodologies CivilQuants exposes (tender review, risk assessment, QS measurement/contract advice, geotechnical + geo-environmental interpretation, earthworks, preliminaries, pavement design, subcontract analysis). Universal discovery — both tiers see the full list. Returns each skill's slug, title, one-line summary and tier; then call get_skill(skill=<slug>) to fetch the methodology body. The skills are paid-tier; a free caller gets a sign-up prompt from get_skill. NOTE: the document-heavy skills (tender review, the interpretation skills) need a code-execution client (Claude Code / Codex / VS Code) plus the chunking pack from get_document_pipeline to run a real tender pack — on a chat connector you can read the methodology but cannot chunk/parse files.

  Connector

• request_swap

  Gitbank

  Request a token swap inside a Gitbank vault (e.g. USDC to WETH). Returns a confirm_code the user must post on GitHub to authorize execution.

  Connector

• generate_scaffold

  Senzing

  Generate SDK scaffold code for common workflows. Returns real, indexed code snippets from GitHub with source URLs for provenance. Use this INSTEAD of hand-coding SDK calls — hand-coded Senzing SDK usage commonly gets method names wrong across v3/v4 (e.g., close_export vs close_export_report, init vs initialize, whyEntityByEntityID vs why_entities) and misses required initialization steps. Languages: python, java, csharp, rust. Workflows: initialize, configure, add_records, delete, query, redo, stewardship, information, full_pipeline (aliases accepted: init, config, ingest, remove, search, redoer, force_resolve, info, e2e). V3 supports Python and Java only. Returns GitHub raw URLs — fetch each snippet to read the source code.

  Connector

• check_secrets

  ContrastAPI

  Scan source code (or snippet) for hardcoded secrets — cloud provider keys, API tokens, connection strings, private keys, passwords. Supports Python, JavaScript, TypeScript, Java, Go, Ruby, Shell, Bash. Use to detect leaked credentials before commit; for injection detection use check_injection. Free: 30/hr, Pro: 500/hr. Returns {total, by_severity, findings}. No data stored. The generic password-assignment rule is suppressed when a more-specific credential rule fires on the same line — one targeted finding per leaked secret, not two.

  Connector

• verify_transfer_code

  instadomain

  Verify the email code and get a transfer token valid for 15 minutes. Call this after request_transfer_code and the user provides their code. Pass the returned transfer_token to get_transfer_code or unlock_domain. Args: order_id: The order ID of a completed domain purchase. code: The 6-digit code from the verification email.

  Connector