Enterprise DNA
M MCP Servers Developer low

mavdol/capsule/mcp-server

by Various

Secure runtime to sandbox AI agent tasks. Run untrusted code in isolated WebAssembly environments.

Added 1 June 2026

#agentic-workflow #ai-agents #code-execution #code-interpreter #javascript #llm #python #rust

Overview

A secure runtime that sandboxes AI agent tasks by running untrusted code in isolated WebAssembly environments. It is implemented in Rust and integrates as an MCP server for agent workflows.

Best for
Developers building AI agents that need to execute untrusted code safely

Use cases

  • Executing untrusted code from AI agents without host compromise
  • Isolating third-party plugins or user scripts in a sandbox
  • Running agent-generated code in a controlled, ephemeral environment

Notes

288 stars on GitHub. Last updated 2026-05-26. Licensed Apache-2.0.

Pros

  • Strong isolation via WebAssembly sandboxing
  • Memory-safe implementation in Rust reduces vulnerabilities
  • Lightweight runtime suitable for agent task execution

Cons

  • Limited to code that compiles to WebAssembly, excluding many native libraries
  • Performance overhead compared to native execution for compute-heavy tasks
  • Requires integration with an MCP-compatible agent framework

Indexed from awesome-mcp-servers-punkpeye and enriched against its public facts.
