Execute Python code in FreeCAD without waiting for completion. Use this ONLY for long-running background computations that do NOT touch the FreeCAD GUI or mutate the FreeCAD document tree directly. This tool runs the submitted code in a background thread and returns immediately. Because it does n...
AI agents invoke execute_code_async to trigger actions in Freecad mcp. What it does depends on the arguments the agent supplies, and its effects often reach beyond the immediate call — builds kicked off, notifications sent, workflows started.
This tool allows arbitrary Python code execution in FreeCAD's runtime environment. While the description attempts to limit scope to background computations that don't touch the GUI or document tree directly, an AI agent could still misuse this to execute malicious code, access sensitive files, exfiltrate data, or perform unauthorized system operations.
From the tool's definition Tool name is 'execute_code_async' and description states 'Execute Python code in FreeCAD'. The description explicitly warns against calling FreeCADGui APIs and manipulating the document tree, indicating the tool has broad code execution capabilities.
Documented attack patterns abuse exactly the kind of access execute_code_async gives an agent:
PolicyLayer is an MCP gateway — it sits between your AI agents and Freecad mcp, and nothing reaches the server without passing your rules. This is the rule we recommend for execute_code_async:
{
"version": "1",
"default": "deny",
"tools": {
"execute_code_async": {
"limits": [
{
"counter": "execute_code_async_rate",
"window": "minute",
"max": 10,
"scope": "grant"
}
]
}
}
}execute_code_async stays usable, but rate-capped — a runaway agent can't fire it dozens of times a minute. Everything else on the server is denied unless you say otherwise.
Free to start. No card required.
Execute Python code in FreeCAD without waiting for completion. Use this ONLY for long-running background computations that do NOT touch the FreeCAD GUI or mutate the FreeCAD document tree directly. This tool runs the submitted code in a background thread and returns immediately. Because it does not run on FreeCAD's main GUI thread, the code must NOT call FreeCADGui APIs, manipulate the active view or selection, create or edit document objects, change object properties, call doc.recompute(), or save documents. For code that touches FreeCAD documents, document objects, FreeCADGui, the active view, selection, recompute, or save operations, use execute_code instead. execute_code runs on the FreeCAD GUI thread and is the safe default for normal FreeCAD automation. Use execute_code_async only for background-safe work such as long-running pure OCCT geometry calculations (e.g. fuse/cut/loft on already-fetched shapes) or other CPU-bound computations that do not interact with the document or GUI. Typical usage pattern: 1. Fetch shapes into local variables first (via execute_code on the GUI thread). 2. Store intermediate results in a module-level Python variable (not in the FreeCAD document) so execute_code can read them later. 3. Run the heavy computation via execute_code_async. 4. After the expected computation time has elapsed, apply results to the document via execute_code (which runs on the GUI thread). Args: code: Background-safe Python code to execute. Returns: A message confirming that background execution has started. It is categorised as a Execute tool in the Freecad mcp MCP Server, which means it can trigger actions or run processes. Use rate limits and argument validation.
Register the Freecad MCP server in PolicyLayer and add a rule for execute_code_async: allow, deny, rate-limit, or require approval. Point your MCP client at the PolicyLayer proxy URL and the rule is enforced on every call, before it reaches Freecad mcp. Nothing to install.
execute_code_async is a Execute tool with high risk. Execute tools should be rate-limited and have argument validation enabled.
Yes. Add a rate_limit block to the execute_code_async rule in your PolicyLayer policy. For example, setting max: 10 and window: 60 limits the tool to 10 calls per minute. Rate limits are tracked per agent session and reset automatically.
Set action: deny in the PolicyLayer policy for execute_code_async. The AI agent will receive a policy violation error and cannot call the tool. You can also include a reason field to explain why the tool is blocked.
execute_code_async is provided by the Freecad MCP server (neka-nat/freecad-mcp). PolicyLayer sits as a proxy in front of this server to enforce policies before tool calls reach the server.
Start from Freecad mcp, add the rest of your stack, and see everything your agents can call. Then put policy on all of it.
Free to start. No card required.
14 Freecad mcp tools catalogued and risk-classified — across an index of 43,000+ MCP servers.