Is Kilntainers safe to use?

Kilntainers has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Kilntainers?

Kilntainers can be installed by cloning its GitHub repository and following the setup instructions in the README.

What AI clients work with Kilntainers?

Kilntainers is compatible with Claude Desktop, Cursor, Claude Code, and most MCP clients that support stdio transport. It uses stdio transport.

Is Kilntainers actively maintained?

Kilntainers is recently maintained — last commit was 36 days ago. It has 38 GitHub stars.

Kilntainers MCP Server — Score: 28/100 (D)

Give Every Agent an Ephemeral Linux Sandbox — via MCP

Kilntainers is an MCP server that gives LLM agents isolated Linux sandboxes for executing shell commands.

🧰 Multiple backends: Containers (Docker, Podman), cloud-hosted micro-VMs (Modal, E2B), and WebAssembly sandboxes (WASM BusyBox, or any WASM module).
🏝️ Isolated per agent: Every agent gets its own dedicated sandbox — no shared state, no cross-contamination.
🧹 Ephemeral: Sandboxes live for the duration of the MCP session, then are shut down and cleaned up automatically.
🔒 Secure by design: The agent communicates with the sandbox over MCP — it doesn’t run inside it. No agent API keys, code, or prompts are exposed to the sandbox.
🔌 Simple MCP interface: A single MCP tool, sandbox_exec, lets your agent run any Linux command.
📈 Scalable: Scale from a few agents on your laptop to thousands running in parallel in the cloud.

Why Kilntainers?

Agents are already excellent at using terminals, and can save thousands of tokens by leveraging common Linux utilities like grep, find, jq, awk, etc. However giving an agent access to the host OS is a security nightmare, and running thousands of parallel agents on a service is painful. Kilntainers gives every agent its own isolated, ephemeral sandbox.

Quick Start

Install and run from CLI:

# install
uv tool install kilntainers
# starts with defaults: stdio MCP server, Docker, and Debian-slim (see options below)
kilntainers

Add to your MCP client (Claude, Cursor, etc.):

{
  "mcpServers": {
    "kilntainers": {
      "command": "kilntainers"
    }
  }
}

How It Works

┌─────────────┐   MCP   ┌──────────────┐      ┌─────────────────────────┐
│  LLM Agent  │◄───────►│  Kilntainers │◄────►│  Sandboxes              │
│  (client)   │         │  MCP Server  │      │  - Docker/Podman        │
│             │         │              │      │  - Cloud VM (Modal,E2B) │
│             │         │              │      │  - WASM Sandbox         │
└─────────────┘         └──────────────┘      └─────────────────────────┘

An MCP client connects to Kilntainers
On the first sandbox_exec call, Kilntainers creates an isolated sandbox. Each connection gets its own independent sandbox.
Commands run inside the sandbox; stdout, stderr, and exit code are returned
When the session ends, the sandbox is destroyed and resources are cleaned up.

Security: The agent communicates with the sandbox over MCP — it doesn't run inside it. This is intentional: agents often need secrets (API keys, system prompts, code), and those should never be exposed inside a sandbox where a prompt injection could ex

... View full README on GitHub

Kilntainers

Quick Install

Should you use this server?

Test This Server

Score Breakdown

MCPpedia Score

Security

Help improve this page

Reviews

Frequently Asked Questions

Similar servers

Memory MCP Server

Context Mode

Idea Reality MCP Server

Browser Tools Mcp

Discussion

Give Every Agent an Ephemeral Linux Sandbox — via MCP

Why Kilntainers?

Quick Start

How It Works