Execute Python code with full access to MCP tools and data processing libraries. This is your Python sandbox for building workflows, processing data, and integrating multiple tools. You can call MCP tools directly as Python functions (e.g., mcp_Supabase_list_projects()) and use libraries like pan...
Risk signalsAccepts freeform code/query input (script) · High parameter count (12 properties)
Part of the DataGen server.
Free to start. No card required.
AI agents invoke executeCode to trigger processes or run actions in DataGen. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.
executeCode can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. PolicyLayer enforces rate limits and validates arguments to keep execution within safe bounds.
Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.
{
"version": "1",
"default": "deny",
"tools": {
"executeCode": {
"limits": [
{
"counter": "executecode_rate",
"window": "minute",
"max": 10,
"scope": "grant"
}
]
}
}
}See the full DataGen policy for all 20 tools.
These attack patterns abuse exactly the kind of access executeCode gives an agent. Each links to the full case and the policy that stops it:
Other execute tools across the catalogue. The same approach applies to each: rate-limit and validate the arguments.
Execute Python code with full access to MCP tools and data processing libraries. This is your Python sandbox for building workflows, processing data, and integrating multiple tools. You can call MCP tools directly as Python functions (e.g., mcp_Supabase_list_projects()) and use libraries like pandas, requests, and more. Key features: - Call any tool as a Python function, including MCP tools - Rich execution logs and error handling - All the MCP tools(tool start with mcp_) output have been parsed by json.loads() already if its json parsable,If json.loads() fails, returns the original string - b/c MCP output schema may not be defined, always first try test the mcp tool output data structure. especially for user defined data like google sheet, airtable, supabase sql results. Make sure to include the right MCP server name in mcp_server_names and tool name in the required_tools array. - do not guess the tool name or server name. if its not in the context, use SearchTool tool to get the correct tool name and server name. before using this code execution tool - If you get back with 401 authorizied error. its very likely that you did not include the right server name in the mcp_server_names array. - If the required server is not installed, prompt user to install the server. with "addRemoteMcpServer" tool. Do not use any local() or global() in the code. you can assume the input variables are already defined in the global scope. and you can use them directly with data type defined in the input_schema. Do not use any async in the code. it will cause the code to not work. When work with API - use httpx instead of requests. - if API key is needed, use getUserSecrets tool to get the API key. if not in their, prompt user to add the API key in Datagen. - when use API key just use the key like other variables. DO NOT USE os.getenv() to get the API key. - use polling if the API is async and you want to wait for the result. Coding Style: - use python 3.12 syntax. - Keep it simple and readable. do not use exntensive comments and logger. only necessary print out for debugging. - Focus on the main logic and do not add unnecessary code. Error handling: - If you get back with 401 authorizied error. its very likely that you did not include the right server name in the mcp_server_names array or missing required_tools. - If you have trouble to parse the tool response, try to use the native tool call to observe the response structure. - <example> if you get parsing erro with mcp_Supabase_list_projects(), try to use the user's native list_projects tool in LLM client(like Cursor or Claude) to get the response structure. </example> See the 'how to use executeCode' resource for detailed examples and best practices.. It is categorised as a Execute tool in the DataGen MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the DataGen MCP server in PolicyLayer and add a rule for executeCode: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches DataGen. Nothing to install.
executeCode is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the executeCode rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for executeCode. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
executeCode is provided by the DataGen MCP server (kuoyusheng/datagendev). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Deterministic rules across all 20 DataGen tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.
Free to start. No card required.
4,600+ MCP servers and 31,000+ tools scanned and risk-classified.