MCP Sandbox: Run MCP Servers in Isolated Containers Without Trusting Them

✍️ OpenClawRadar · 📅 Published: March 30, 2026 · 🔗 Source

A developer has built MCP Sandbox, a tool that addresses the security concerns of running MCP (Model Context Protocol) servers by executing them in isolated containers rather than trusting them directly. The prevailing default, running MCP servers and hoping for the best, is risky: a server is arbitrary code that can carry known CVEs, a backdoor, data-exfiltration behaviour, or prompt-injection payloads.

Key Security Features

MCP Sandbox implements several security measures:

  • Runs MCP servers in isolated containers using gVisor
  • Provides no direct access to your host system
  • Controls network access with a default-deny policy
  • Injects secrets safely without exposing them to the server code

Pre-Execution Validation

Before any MCP server runs, the system performs multiple checks:

  • Scans code for known CVEs
  • Checks against millions of real-world failure patterns
  • Validates code before execution

The system continues re-checking over time as new vulnerabilities are discovered.
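The two lists above describe the sandbox's isolation properties and its scan-before-run step. The following shell script is an added example written for this page, not MCP Sandbox's own code, showing how those properties map onto a hardened `docker run` line for an MCP server that speaks over stdio. It assumes Docker with the gVisor runtime registered under the name `runsc`; the image reference and its all-zero digest are placeholders. The post does not describe how MCP Sandbox injects secrets, so that feature is not modelled here. The digest check is the practitioner's counterpart to the pre-execution scan: a scan result is only meaningful if the artifact that runs is bit-for-bit the artifact that was scanned, which a mutable tag cannot guarantee.

```shell
# Added example, not code from MCP Sandbox: compose a hardened `docker run`
# line for an untrusted MCP server using the stdio transport. Assumes Docker
# with the gVisor runtime ("runsc") installed; image references are placeholders.
set -eu

# Accept only image references pinned by sha256 digest (64 characters after
# "@sha256:"; length is checked, hex validity is left to the registry), so the
# artifact that runs is exactly the artifact that was scanned. A mutable tag
# such as ":latest" can be republished after the scan completed.
require_pinned_image() {
    case "$1" in
        *@sha256:????????????????????????????????????????????????????????????????)
            return 0 ;;
        *)
            echo "refusing unpinned image reference: $1" >&2
            return 1 ;;
    esac
}

# build_sandbox_cmd IMAGE [NETWORK]
#   Prints the docker command. NETWORK defaults to "none" (default-deny egress);
#   pass the name of a pre-created, filtered Docker network to allow specific hosts.
build_sandbox_cmd() {
    image="$1"
    network="${2:-none}"
    require_pinned_image "$image" || return 1

    printf '%s' "docker run --rm -i"             # -i keeps stdin open for the MCP stdio transport
    printf ' %s' "--runtime=runsc"               # gVisor: syscalls are served by the Sentry, not the host kernel
    printf ' %s' "--network=$network"            # no egress unless a filtered network is named
    printf ' %s' "--read-only"                   # immutable root filesystem
    printf ' %s' "--tmpfs /tmp:rw,noexec,nosuid,size=64m"  # scratch space that cannot hold executables
    printf ' %s' "--cap-drop=ALL"                # no Linux capabilities
    printf ' %s' "--security-opt no-new-privileges"
    printf ' %s' "--pids-limit 256 --memory 512m --cpus 1"  # bound resource use
    printf ' %s' "--user 65534:65534"            # run as an unprivileged uid/gid
    printf ' %s\n' "$image"
}

# Usage with a constructed placeholder digest (all zeros; substitute the real one):
build_sandbox_cmd "example/mcp-server@sha256:0000000000000000000000000000000000000000000000000000000000000000"
```

The printed command is meant to be reviewed and then executed by the MCP client as the server's launch command. The sandbox loses most of its value if any of these flags is later relaxed ad hoc, so keep the flag set in one place such as this function rather than in individual client configurations.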

Availability and Development

The tool is being developed as part of mistaike.ai, with no external funding. CVE scanning is currently free, and the developer is allowing full system use while determining usage limits. The developer is seeking feedback from people working with MCP and AI agents about how they currently handle untrusted tools.

This approach flips the security model from trusting MCP servers to running them in a sandboxed environment where their actions are constrained and monitored.

📖 Read the full source: r/ClaudeAI

