# E2B > Secure cloud sandboxes for executing AI-generated code — npm MCP package archived; vendor recommends the hosted E2B platform. [Canonical HTML page](https://top-mcps.com/mcp/e2b) · [server.json](https://top-mcps.com/mcp/e2b.json) · [methodology](https://top-mcps.com/about/methodology) ## Install ### Claude Desktop — `claude_desktop_config.json` Paste under mcpServers. Fully quit and reopen Claude after editing. ```json { "mcpServers": { "e2b": { "command": "npx", "args": [ "@e2b/mcp-server" ], "env": { "E2B_API_KEY": "${E2B_API_KEY}" } } } } ``` ### Claude Code — `CLI or .mcp.json` Run from your repo. Commit .mcp.json to share with your team. ```shell # export E2B_API_KEY=e2b_your_api_key claude mcp add e2b -- npx @e2b/mcp-server ``` ### Cursor — `.cursor/mcp.json` Global path: ~/.cursor/mcp.json. Reload window after editing. ```json { "mcpServers": { "e2b": { "command": "npx", "args": [ "@e2b/mcp-server" ], "env": { "E2B_API_KEY": "${E2B_API_KEY}" } } } } ``` ### VS Code — `.vscode/mcp.json` VS Code uses the "servers" key (not "mcpServers"). ```jsonc { "servers": { "e2b": { "command": "npx", "args": [ "@e2b/mcp-server" ], "env": { "E2B_API_KEY": "${E2B_API_KEY}" } } } } ``` ### Windsurf — `~/.codeium/windsurf/mcp_config.json` Open via Cascade → hammer icon → Configure. ```json { "mcpServers": { "e2b": { "command": "npx", "args": [ "@e2b/mcp-server" ], "env": { "E2B_API_KEY": "${E2B_API_KEY}" } } } } ``` ### Cline — `cline_mcp_settings.json` Open via the Cline sidebar → MCP Servers → Edit. ```json { "mcpServers": { "e2b": { "command": "npx", "args": [ "@e2b/mcp-server" ], "env": { "E2B_API_KEY": "${E2B_API_KEY}" } } } } ``` ### Continue — `~/.continue/config.json` Continue uses modelContextProtocolServers with a transport block. ```json { "experimental": { "modelContextProtocolServers": [ { "transport": { "type": "stdio", "command": "npx", "args": [ "@e2b/mcp-server" ], "env": { "E2B_API_KEY": "${E2B_API_KEY}" } } } ] } } ``` ### Codex CLI — `~/.codex/config.toml` Codex uses TOML. Each server is a [mcp_servers.] subtable. ```shell # ~/.codex/config.toml [mcp_servers.e2b] command = "npx" args = [ "@e2b/mcp-server", ] env = { E2B_API_KEY = "${E2B_API_KEY}" } ``` ### Zed — `~/.config/zed/settings.json` Zed calls them "context_servers". Settings live-reload on save. ```jsonc { "context_servers": { "e2b": { "command": { "path": "npx", "args": [ "@e2b/mcp-server" ] }, "env": { "E2B_API_KEY": "${E2B_API_KEY}" } } } } ``` ### ChatGPT — `ChatGPT → Apps directory` E2B doesn't ship a hosted HTTPS endpoint today. ChatGPT supports remote MCP servers only — to use this server in ChatGPT you'll need to deploy it to a public HTTPS URL first (e.g. via Cloudflare Workers or Vercel) or wait for an official remote build. ```none ``` ## At a glance - **Maintainer:** E2B (npm package archived; vendor recommends the hosted E2B platform) - **Transport:** stdio - **Auth model:** API key - **Required secrets:** E2B_API_KEY - **Supported clients:** Claude, Any MCP-compatible client - **License:** Apache-2.0 - **Language:** TypeScript - **Latest version:** latest - **Last verified:** 2026-05-31 - **GitHub stars:** 390 (fetched 2026-06-02T11:55:51.708Z) - **Score:** 70/100 (rubric 2026-04 — see https://top-mcps.com/about/methodology) - **Source:** https://github.com/e2b-dev/mcp-server ## Security & scope - **Access scope:** exec - **Sandbox:** Spins up an ephemeral cloud sandbox per session; code runs in that sandbox, not locally. Sandbox has a throwaway filesystem and outbound network, and is torn down when the session ends. - **Gotchas:** - Sandbox state is not shared across sessions unless the agent explicitly reuses a sandbox id. - Running costs accrue per sandbox-minute — long-running loops without cleanup burn credits quickly. ## Quick answer **What it does.** Spins up secure cloud sandbox environments and executes AI-generated code inside them, returning output without affecting the host system. **Best for:** - Safe code execution - AI coding agents - Data processing scripts - Test execution - Disposable compute **Not for:** - Latency-sensitive operations - Trusted local execution needs - Long-running processes ## Recipes ### Run Python code safely off-machine ``` Spin up a Python sandbox via E2B, install pandas and matplotlib, create a DataFrame of sample monthly sales (Jan–Jun), and plot a bar chart to a PNG. Return the path to the PNG so I can view it. ``` _Tested with: Claude Desktop, Cursor_ ## Description E2B provides secure, isolated cloud sandbox environments where AI models can execute code safely. Run Python, JavaScript, and other languages in disposable containers without risk to your local machine. Note: the @e2b/mcp-server npm package is archived — the vendor now recommends connecting to the hosted E2B platform directly rather than the MCP wrapper. This entry remains for legacy installs and migration guidance. ## Why it matters Running AI-generated code locally is risky. E2B provides safe, disposable containers that make code execution safe for both developers and autonomous agents. ## Key features - Isolated cloud sandboxes - Multi-language support - Disposable containers - Secure execution - Output capture ## FAQ ### Is E2B free? There is a free tier with ~100 sandbox minutes per month — enough for exploration. Paid tiers add concurrency, longer sessions, and custom base images. All tiers bill only for active sandbox time; idle sandboxes are paused. ### Which languages are supported? Anything that runs in a Linux container: Python, JavaScript/TypeScript, Bash, Go, Rust, Ruby. Each sandbox boots with common toolchains pre-installed and `pip`/`npm` available for extras. ### How is this different from running code locally? Isolation. Code runs in an ephemeral cloud VM, so a hallucinated `rm -rf` or a malicious package only destroys a sandbox — not your machine. It also gives agents a clean environment without caring about your local Python/Node setup. ### Can the sandbox reach the internet? Yes. Sandboxes have outbound network access so agents can `pip install`, clone repos, or hit external APIs. Inbound access is behind a sandbox URL you can share for preview servers (e.g. a Vite dev server the agent starts). ### How long can a session run? Free-tier sandboxes run up to 15 minutes per session; paid tiers extend that and allow sandbox pausing/resuming. For long agent workflows, design around checkpointing state to files rather than a long-lived process. ## Changelog - **2026-05-31** — Refreshed install snippets and fact sheet; verified for 2026. - **2025-01-15** — Initial directory listing.