sandbox-mcp
by mattzcarey
Overview
This MCP server acts as a coding agent platform, providing a programmatic interface to Cloudflare Sandbox environments for secure code execution, process management, Git operations, and interaction with AI models like Claude Code.
Installation
Run `wrangler dev`.
Environment Variables
- AUTH_TOKEN
- ANTHROPIC_API_KEY
- SANDBOX
- MCP_SERVER
Security Notes
The server exposes powerful tools: `exec` (arbitrary bash commands), `startProcess` (long-running background processes), `gitCheckout` (cloning repositories, potentially with authentication tokens), and `exposePort` (making internal sandbox ports publicly reachable). These are intended to run inside a sandboxed environment (`@cloudflare/sandbox`), but a compromised `AUTH_TOKEN` would grant an attacker remote code execution in the sandbox and the ability to expose malicious services from within Cloudflare's infrastructure. The `ANTHROPIC_API_KEY` is injected into the sandbox environment and is therefore readable by any code executed there, which is an inherent risk if the sandbox itself is compromised. Global CORS is enabled, and authentication relies solely on the single `AUTH_TOKEN` environment variable, so that token is the only barrier between the public internet and these tools.
Similar Servers
semantic-wake-intelligence-mcp
Provides a 3-layer temporal intelligence system for AI agents, managing context with causality tracking, memory management, and predictive pre-fetching via an MCP server.
test-remote-mcp-server
Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers to expose custom tools to AI agents without authentication.
mcp-server-authless
Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers without authentication, allowing AI clients to access custom tools.
n8n-mcp-server
Deploys a remote Model Context Protocol (MCP) server on Cloudflare Workers for exposing AI tools without requiring authentication.