Source URL: https://simonwillison.net/2025/Apr/18/mcp-run-python/
Source: Simon Willison’s Weblog
Title: MCP Run Python
Feedly Summary: MCP Run Python
Pydantic AI’s MCP server for running LLM-generated Python code in a sandbox. They ended up using a trick I explored two years ago: using a Deno process to run Pyodide in a WebAssembly sandbox.
Here's a bit of a wild trick: since Deno loads code on demand from JSR, and uv run can install Python dependencies on demand via the --with option... here's a one-liner you can paste into a macOS shell (provided you have Deno and uv installed already) which will run the example from their README:
ANTHROPIC_API_KEY="sk-ant-..." \
uv run --with pydantic-ai python -c '
import asyncio
from pydantic_ai import Agent
from pydantic_ai.mcp import MCPServerStdio

# Launch the sandbox as a Deno subprocess speaking MCP over stdio.
# -N allows network, -R/-W restrict filesystem access to node_modules only.
server = MCPServerStdio(
    "deno",
    args=[
        "run",
        "-N",
        "-R=node_modules",
        "-W=node_modules",
        "--node-modules-dir=auto",
        "jsr:@pydantic/mcp-run-python",
        "stdio",
    ],
)
agent = Agent("claude-3-5-haiku-latest", mcp_servers=[server])

async def main():
    # The MCP server is started for the duration of the context manager.
    async with agent.run_mcp_servers():
        result = await agent.run("How many days between 2000-01-01 and 2025-03-18?")
        print(result.output)

asyncio.run(main())'
I ran that just now and got:
The number of days between January 1st, 2000 and March 18th, 2025 is 9,208 days.
I thoroughly enjoy how tools like uv and Deno enable throwing together shell one-liner demos like this one.
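The Deno flags in that one-liner are what keep the Pyodide sandbox process on a short leash: network, plus read and write of node_modules and nothing else. The following is an added example, not code from the post or from mcp-run-python, that audits an `args` list of the shape passed to MCPServerStdio before the process is spawned, so a launch that grants more than that (say `-A` or `--allow-run`) is caught rather than silently widening what LLM-generated code can reach. The permission policy (which flags are forbidden, which directories are allowed) is an assumption chosen to match the page's flags.

```python
"""Least-privilege audit of the Deno permission flags that launch an MCP sandbox."""
from __future__ import annotations

# Deno permission flags, short form -> long form. A bare flag means "all".
_SHORT = {"-A": "allow-all", "-N": "allow-net", "-R": "allow-read",
          "-W": "allow-write", "-E": "allow-env", "-S": "allow-sys",
          "-I": "allow-import"}
_LONG = set(_SHORT.values()) | {"allow-run", "allow-ffi"}
# Assumed policy: never acceptable for a sandbox that executes untrusted code.
FORBIDDEN = {"allow-all", "allow-run", "allow-ffi"}

def parse_permissions(args: list[str]) -> dict[str, list[str] | None]:
    """Map each granted Deno permission to its scope (None = unrestricted)."""
    grants: dict[str, list[str] | None] = {}
    for arg in args:
        if not arg.startswith("-"):
            continue  # subcommand, module specifier or positional argument
        flag, _, scope = arg.partition("=")
        name = _SHORT.get(flag) or (flag[2:] if flag[2:] in _LONG else None)
        if name is None:
            continue  # non-permission flag such as --node-modules-dir=auto
        grants[name] = scope.split(",") if scope else None
    return grants

def audit_launch(args: list[str], fs_dirs=("node_modules",)) -> list[str]:
    """Return findings for a Deno launch; an empty list means it is acceptable."""
    grants = parse_permissions(args)
    findings = [f"{p} must not be granted" for p in sorted(FORBIDDEN & set(grants))]
    for perm in ("allow-read", "allow-write"):
        if perm not in grants:
            continue
        scope = grants[perm]
        if scope is None:
            findings.append(f"{perm} covers the whole filesystem")
        elif not set(scope) <= set(fs_dirs):
            findings.append(f"{perm} scope {scope} exceeds {list(fs_dirs)}")
    return findings

# The launch from the post's one-liner (added example, not mcp-run-python's code):
# net, plus read/write of node_modules only.
PAGE_ARGS = ["run", "-N", "-R=node_modules", "-W=node_modules",
             "--node-modules-dir=auto", "jsr:@pydantic/mcp-run-python", "stdio"]

if __name__ == "__main__":
    print(parse_permissions(PAGE_ARGS))
    print(audit_launch(PAGE_ARGS) or "launch flags are within policy")
    print(audit_launch(["run", "-A", "jsr:@pydantic/mcp-run-python", "stdio"]))
```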
Via Hacker News
Tags: deno, pydantic, uv, sandboxing, llm-tool-use, ai, llms, model-context-protocol, python, generative-ai
AI Summary and Description: Yes
Summary: The text describes a novel method using the Pydantic AI’s MCP server to run Python code generated by LLMs within a secure sandboxed environment. This approach leverages Deno and WebAssembly technologies, showcasing insights relevant for AI practitioners and security professionals concerned with safe execution of AI-generated code.
Detailed Description:
The provided text outlines an innovative technique for executing Python code generated by large language models (LLMs) within a controlled and secure environment. The main focus is on the Pydantic AI framework and its MCP (Model Context Protocol) server, which allows for the seamless integration of Python execution within the Deno environment, utilizing WebAssembly.
Key Points:
– **Pydantic AI’s MCP Server**: This server facilitates running Python code generated by LLMs in a sandbox, thereby enhancing safety and reducing potential risks associated with executing arbitrary code.
– **Deno Process**: The text highlights the use of Deno, a modern runtime for JavaScript and TypeScript, which loads code on demand. This is significant because it aligns with contemporary best practices in executing code securely without prior installation of dependencies.
– **Sandboxing with WebAssembly**: By utilizing WebAssembly (wasm) through Pyodide, the environment in which Python code executes is isolated, enhancing security by preventing harmful actions beyond the sandbox scope.
– **Instruction for Execution**: The text includes a one-liner shell command that allows users to easily demonstrate this execution in macOS, making the approach accessible to developers interested in experimenting with AI-generated code.
– **Practical Example**: A practical example provided demonstrates running a simple LLM query about date calculations, emphasizing the system’s functionality and efficiency.
Overall Implications for Security Professionals:
– **Security in Execution**: This method highlights a growing trend in AI and software security—executing dynamic code in a secure manner that limits exposure to vulnerabilities.
– **Integration of Technologies**: The combination of Deno, Pyodide, and WebAssembly reflects the importance of leveraging multiple technologies to create secure and robust systems.
– **Rapid Prototyping**: Professionals can utilize such techniques for quick testing and development of AI applications without compromising security, thus enhancing productive workflows in software development and operations.
In conclusion, the text presents a creative application of technologies critical for AI, generative AI security, and broader information security practices, making it highly relevant to professionals in these fields.