Execute Python code with full access to MCP tools and data processing libraries. This is your Python sandbox for building workflows, processing data, and integrating multiple tools. You can call MCP tools directly as Python functions (e.g., `mcp_Supabase_list_projects()`) and use libraries l...
Accepts freeform code/query input (script); High parameter count (12 properties)
Part of the DataGen MCP server. Enforce policies on this tool with Intercept, the open-source MCP proxy.
AI agents invoke executeCode to trigger processes or run actions in DataGen. Execute operations can have side effects beyond the immediate call -- triggering builds, sending notifications, or starting workflows. Rate limits and argument validation are essential to prevent runaway execution.
executeCode can trigger processes with real-world consequences. An uncontrolled agent might start dozens of builds, send mass notifications, or kick off expensive compute jobs. Intercept enforces rate limits and validates arguments to keep execution within safe bounds.
Execute tools trigger processes. Rate-limit and validate arguments to prevent unintended side effects.
tools:
executeCode:
rules:
- action: allow
rate_limit:
max: 10
window: 60
validate:
required_args: trueSee the full DataGen policy for all 20 tools.
Agents calling execute-class tools like executeCode have been implicated in these attack patterns. Read the full case and prevention policy for each:
Other tools in the Execute risk category across the catalogue. The same policy patterns (rate-limit, validate) apply to each.
executeCode is one of the high-risk operations in DataGen. For the full severity-focused view — only the high-risk tools with their recommended policies — see the breakdown for this server, or browse all high-risk tools across every MCP server.
Execute Python code with full access to MCP tools and data processing libraries. This is your Python sandbox for building workflows, processing data, and integrating multiple tools. You can call MCP tools directly as Python functions (e.g., `mcp_Supabase_list_projects()`) and use libraries like pandas, requests, and more. **Key features:** - Call any tool as a Python function, including MCP tools - Rich execution logs and error handling - All the MCP tools(tool start with mcp_) output have been parsed by json.loads() already if its json parsable,If json.loads() fails, returns the original string - b/c MCP output schema may not be defined, always first try test the mcp tool output data structure. especially for user defined data like google sheet, airtable, supabase sql results. **Make sure to include the right MCP server name in mcp_server_names and tool name in the required_tools array.** - do not guess the tool name or server name. if its not in the context, use SearchTool tool to get the correct tool name and server name. before using this code execution tool - If you get back with 401 authorizied error. its very likely that you did not include the right server name in the mcp_server_names array. - If the required server is not installed, prompt user to install the server. with "addRemoteMcpServer" tool. **Do not use any local() or global() in the code.** you can assume the input variables are already defined in the global scope. and you can use them directly with data type defined in the input_schema. **Do not use any async in the code. it will cause the code to not work.** ** When work with API** - use httpx instead of requests. - if API key is needed, use getUserSecrets tool to get the API key. if not in their, prompt user to add the API key in Datagen. - when use API key just use the key like other variables. DO NOT USE os.getenv() to get the API key. - use polling if the API is async and you want to wait for the result. **Coding Style:** - use python 3.12 syntax. - Keep it simple and readable. do not use exntensive comments and logger. only necessary print out for debugging. - Focus on the main logic and do not add unnecessary code. **Error handling:** - If you get back with 401 authorizied error. its very likely that you did not include the right server name in the mcp_server_names array or missing required_tools. - If you have trouble to parse the tool response, try to use the native tool call to observe the response structure. - <example> if you get parsing erro with mcp_Supabase_list_projects(), try to use the user's native list_projects tool in LLM client(like Cursor or Claude) to get the response structure. </example> **See the 'how to use executeCode' resource for detailed examples and best practices.**. It is categorised as a Execute tool in the DataGen MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Add a rule in your Intercept YAML policy under the tools section for executeCode. You can allow, deny, rate-limit, or validate arguments. Then run Intercept as a proxy in front of the DataGen MCP server.
executeCode is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the executeCode rule in your Intercept policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the Intercept policy for executeCode. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
executeCode is provided by the DataGen MCP server (kuoyusheng/datagendev). Intercept sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Open source. One binary. Zero dependencies.
npx -y @policylayer/intercept