let claude destroy my machine with untested python code
AkshayM21/python-mcp
Python Executor MCP

This MCP is designed to allow you to use a Python execution environment with your LLM of choice (e.g., Claude). For security reasons, some elements of code execution are disabled (file I/O, web requests, nested code execution such as exec/eval/compile, etc.). Because my main use-case is writing ML code, I've only enabled ML-related packages (see below for more detail), but this can be customized by the user easily.

Installation

DXT

There is a Desktop extension file (.dxt) available here in Releases, allowing you to install this MCP into your Claude instance like a simple app. See this Anthropic blog post for more information.

To install with Claude Desktop, simply download the python-mcp.dxt file from Releases and double click the file on your Windows/Mac machine.

NOTE: This DXT is extremely large (~240 MB) packed, and even larger unpacked (~860 MB). This is due to the large size of the dependencies for ML code execution (e.g., torch, sglang). Feel free to install this repository using uv and adjust or modify these requirements.

uv

Alternatively, you can install this package in the command line using uv.

First, make sure you have installed the mcp package:

uv add "mcp[cli]"

To test this MCP using MCP Inspector:

uv run mcp dev main.py

To add this to Claude Desktop:

uv run mcp install main.py

Use-cases

I set up this MCP to help with writing and reviewing simple numpy and torch code, given the tendency of LLMs to hallucinate plausible method signatures, parameters, and documentation. I find this especially useful in conjunction with library tutorials that guide the user through particular methods in a Socratic manner, as it allows automated testing of user-generated code.

However, this may also help with drafting larger pieces of code, albeit with random inputs. It may help to adjust the default of the timeout parameter for the execute_python tool. Because this is a parameter passed to the MCP tool, and therefore one an LLM could manipulate, it is capped at 30 seconds by default; you may wish to remove or adjust this cap in the code (e.g., for testing out larger NNs).

Allowed and Blocked Imports

Below are the allowed and blocked imports:

ALLOWED_IMPORTS = {
    'numpy', 'np', 'torch', 'math', 'random', 'collections',
    'itertools', 'functools', 'operator', 'copy', 'json',
    'datetime', 'time', 're', 'typing', 'matplotlib', 'plt',
    'pandas', 'pd', 'polars', 'sklearn', 'scipy', 'statistics',
    'seaborn', 'sglang', 'transformers', 'datasets', 'tokenizers'
}

BLOCKED_IMPORTS = {
    'os', 'sys', 'subprocess', 'importlib', 'urllib', 'requests',
    'socket', 'http', 'pickle', 'shelve', 'ctypes', 'multiprocessing'
}

There are also blocked code patterns:

DANGEROUS_PATTERNS = [
    '__import__', 'exec(', 'eval(', 'compile(', 'open(',
    'os.', 'sys.', 'subprocess.', '__builtins__'
]

If your code uses one of the blocked imports or patterns, the MCP will return an error informing the AI agent of the issue.

Running code that uses a package not explicitly on the ALLOWED_IMPORTS whitelist will likewise result in the code failing.
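The project matches the lists above as substrings of the submitted source. As an added example (not the project's own code), the checker below enforces the same policy on the parsed AST instead, so a blocked name inside a comment or string literal does not trip it while a real import or call still does; it also clamps the LLM-supplied timeout to the 30-second cap described above. Blocking every dunder attribute access is a stricter generalisation of the page's `__builtins__`/`__import__` patterns and is an assumption of this example.

```python
import ast

# Policy from the README. The alias entries ('np', 'pd', 'plt') are not needed
# here: `import numpy as np` is seen by the AST as an import of 'numpy'.
ALLOWED_IMPORTS = {'numpy', 'torch', 'math', 'random', 'collections', 'itertools',
                   'functools', 'operator', 'copy', 'json', 'datetime', 'time',
                   're', 'typing', 'matplotlib', 'pandas', 'polars', 'sklearn',
                   'scipy', 'statistics', 'seaborn', 'sglang', 'transformers',
                   'datasets', 'tokenizers'}
BLOCKED_IMPORTS = {'os', 'sys', 'subprocess', 'importlib', 'urllib', 'requests',
                   'socket', 'http', 'pickle', 'shelve', 'ctypes', 'multiprocessing'}
DANGEROUS_CALLS = {'__import__', 'exec', 'eval', 'compile', 'open'}
MAX_TIMEOUT = 30  # seconds; the README's default cap on the tool's timeout parameter


def check_code(source: str) -> list:
    """Return the policy violations found in `source`; an empty list means OK."""
    try:
        tree = ast.parse(source)
    except SyntaxError as e:
        return [f"syntax error: {e.msg} (line {e.lineno})"]
    violations = []
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            names = [alias.name for alias in node.names]
        elif isinstance(node, ast.ImportFrom):
            if node.level:  # relative imports are never part of the allowlist
                violations.append("relative import")
                continue
            names = [node.module or '']
        else:
            names = []
        for name in names:
            top = name.split('.')[0]  # 'os.path' is judged by its top-level package
            if top in BLOCKED_IMPORTS:
                violations.append(f"blocked import: {top}")
            elif top not in ALLOWED_IMPORTS:
                violations.append(f"import not in allowlist: {top}")
        if isinstance(node, ast.Call) and isinstance(node.func, ast.Name) \
                and node.func.id in DANGEROUS_CALLS:
            violations.append(f"dangerous call: {node.func.id}()")
        elif isinstance(node, ast.Attribute) and node.attr.startswith('__'):
            violations.append(f"dunder attribute access: .{node.attr}")  # assumption: stricter than the README
        elif isinstance(node, ast.Name) and node.id == '__builtins__':
            violations.append("reference to __builtins__")
    return violations


def clamp_timeout(requested: float) -> float:
    """Bound an LLM-supplied timeout to (0, MAX_TIMEOUT] regardless of what was asked for."""
    return max(0.1, min(float(requested), MAX_TIMEOUT))
```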

NOTE: When adjusting the ALLOWED_IMPORTS, you should also edit the FastMCP dependencies:

mcp = FastMCP("Python Code Executor", dependencies=["pandas", "requests", "numpy", "torch", "matplotlib", "seaborn", "sglang", "transformers", "datasets", "tokenizers"])

Although inconvenient, this is necessary because some ALLOWED_IMPORTS are not installable packages (e.g., math). Note that the dependencies list only controls what gets installed; ALLOWED_IMPORTS and BLOCKED_IMPORTS control what submitted code may import (requests, for example, is listed as a dependency but remains blocked).

Repacking .dxt File

If editing the library, you can repack the extension as follows (see this Anthropic documentation):

npm install -g @anthropic-ai/dxt
dxt init
dxt pack
