Is Python Mcp Agent Workshop safe to use?

Python Mcp Agent Workshop has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.

How do I install Python Mcp Agent Workshop?

Python Mcp Agent Workshop supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.

What can Python Mcp Agent Workshop do?

Python Mcp Agent Workshop provides 2 tools: performance_check, keyword_search. See the full tools list on the server page for descriptions and parameters.

What AI clients work with Python Mcp Agent Workshop?

Python Mcp Agent Workshop is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.

Is Python Mcp Agent Workshop actively maintained?

Python Mcp Agent Workshop is less actively maintained — last commit was 100 days ago. It has 7 GitHub stars.

Python Mcp Agent Workshop

Name: Python Mcp Agent Workshop
Author: nnennandukwe

@qodo/command · by nnennandukwe

A workshop for building AI agents using the Model Context Protocol (MCP) in Python. This project demonstrates how to create MCP servers, implement custom tools, and configure intelligent agents for code analysis.

7 2.1k/wk 2 tools GitHub npm PyPI

No known CVEs

MIT license

Maintained

Last commit 100d ago

Works with most clients

Transport: stdio

2 tools · ~226 tok

Grade A · 0.1% of 200K ctx

Edit this pageView history

Education AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "python-mcp-agent-workshop": {
      "args": [
        "-y",
        "@qodo/command"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/python-mcp-agent-workshop)](https://mcppedia.org/s/python-mcp-agent-workshop)

Read me

What Python Mcp Agent Workshop does

A workshop for building AI agents using the Model Context Protocol (MCP) in Python. This project walks through implementing MCP server fundamentals (JSON-RPC framing, tool discovery, and tool execution) and ships two fully working tools:

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@qodo/command' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

83/100across 5 weighted dimensions

How we score →

0255075100

−17

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

5 fixed

CVE-2026-41140medium · fixedCVSS 4

Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

### Summary The `extractall()` function in `src/poetry/utils/helpers.py:410-426` extracts sdist tarballs without path traversal protection on Python versions where `tarfile.data_filter` is unavailable. Considering only Python versions which are still supported by Poetry, these are 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4. ### Impact Arbitrary file write (path traversal) from untrusted sdist content. **In practice, the impact is low** because an attacker who exploits this vulnerability can as wel

Affected: >= 0Fixed in 2.3.4source →

CVE-2026-34591low · fixedCVSS 3.1

Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

### Summary A crafted wheel can contain ../ paths that Poetry writes to disk without containment checks, allowing arbitrary file write with the privileges of the Poetry process. ### Impact Arbitrary file write (path traversal) from untrusted wheel content. Impacts users/CI/CD systems installing malicious or compromised packages. ### Patches Versions 2.3.3 and newer of Poetry resolve the target paths and ensure that they are inside the target directory. Otherwise, installation is aborted. ##

Affected: >= 1.4.0Fixed in 2.3.3source →

CVE-2022-36070low · fixedCVSS 3.1

PYSEC-2022-43179

Poetry is a dependency manager for Python. To handle dependencies that come from a Git repository, Poetry executes various commands, e.g. `git config`. These commands are being executed using the executable’s name and not its absolute path. This can lead to the execution of untrusted code due to the way Windows resolves executable names to paths. Unlike Linux-based operating systems, Windows searches for the executable in the current directory first and looks in the paths that are defined in the

Affected: >= 0Fixed in 1.1.9source →

CVE-2022-36069info · fixed

PYSEC-2022-266

Poetry is a dependency manager for Python. When handling dependencies that come from a Git repository instead of a registry, Poetry uses various commands, such as `git clone`. These commands are constructed using user input (e.g. the repository URL). When building the commands, Poetry correctly avoids Command Injection vulnerabilities by passing an array of arguments instead of a command string. However, there is the possibility that a user input starts with a dash (`-`) and is therefore treated

Affected: >= 0Fixed in 1.1.9source →

CVE-2022-26184info · fixed

PYSEC-2022-234

Poetry v1.1.9 and below was discovered to contain an untrusted search path which causes the application to behave in unexpected ways when users execute Poetry commands in a directory containing malicious content. This vulnerability occurs when the application is ran on Windows OS.

Affected: >= 0Fixed in 1.1.9source →

Inventory

Tools (2)

Click any tool to inspect its schema.

~226 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Python Mcp Agent Workshop safe to use?: Python Mcp Agent Workshop has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Python Mcp Agent Workshop?: Python Mcp Agent Workshop supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Python Mcp Agent Workshop do?: Python Mcp Agent Workshop provides 2 tools: performance_check, keyword_search. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Python Mcp Agent Workshop?: Python Mcp Agent Workshop is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Python Mcp Agent Workshop actively maintained?: Python Mcp Agent Workshop is less actively maintained — last commit was 100 days ago. It has 7 GitHub stars.

Similar servers

Others in education / ai-ml

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

86.4k 5

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

86.4k 1

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

16.0k 6

MCP Security Weekly

Get CVE alerts and security updates for Python Mcp Agent Workshop and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?

Edit this pageView history

Education AI / ML

Step 1

Install in your client

Config is the same across clients — only the file and path differ.

Supported in Claude Desktopstdio · Node 18+

Paste into ~/Library/Application Support/Claude/claude_desktop_config.json

{
  "mcpServers": {
    "python-mcp-agent-workshop": {
      "args": [
        "-y",
        "@qodo/command"
      ],
      "command": "npx"
    }
  }
}

Are you the author?

Add this badge to your README to show your security score and help users find safe servers.

Embed in your READMEAbout badges →

[![MCPpedia Score](https://mcppedia.org/api/badge/python-mcp-agent-workshop)](https://mcppedia.org/s/python-mcp-agent-workshop)

Read me

What Python Mcp Agent Workshop does

Test This Server

Run this in your terminal to verify the server starts. Then let us know if it worked — your result helps other developers.

npx -y '@qodo/command' 2>&1 | head -1 && echo "✓ Server started successfully"

After testing, let us know if it worked:

README

Python MCP Agent Workshop

Performance Profiler - Semantic Python code analysis using Astroid AST parsing to detect performance anti-patterns (N+1 queries, blocking I/O in async, inefficient loops, memory issues)
Keyword Search - Async file system search with statistical analysis

Link to Presentation Slides

Presentation Slides

Features

Performance Profiler

The performance profiler uses Astroid for semantic AST analysis, detecting:

N+1 Query Detection - Identifies Django and SQLAlchemy ORM queries inside loops
Blocking I/O in Async - Finds synchronous operations (open, time.sleep, requests) in async functions
Inefficient Loop Patterns - Detects string concatenation in loops, deep nesting
Memory Inefficiency Detection - Flags loading entire files into memory (read(), json.load, pickle.load)

Keyword Search

Asynchronous file system search across multiple directories
Multi-format text file support
Statistical analysis and reporting

Why Astroid over Standard AST?

Unlike general linters (Pylint, Flake8), the performance profiler uses Astroid for semantic analysis:

Type Inference: Understands what types variables hold, not just their names
Call Resolution: Knows which function is actually being called (e.g., Django ORM vs. regular method)
Cross-module Analysis: Can resolve imports and understand relationships
Pattern Context: Detects patterns like "ORM query inside a loop" that require understanding code structure

Quick Start

# Clone and install
git clone <repository-url>
cd python-mcp-agent-workshop
poetry install

# Verify setup
python verification.py

# Start the MCP server
poetry run workshop-mcp-server

# Run tests (102 tests)
poetry run pytest

# Use the performance profiler agent (requires Qodo)
qodo performance_analysis --set file_path="path/to/code.py"

# Use the keyword search agent (requires Qodo)
qodo keyword_analysis --set keyword="{KEYWORD_HERE}"

Testing the Performance Profiler via MCP

# Start the server and send a JSON-RPC request
echo '{"jsonrpc":"2.0","id":1,"method":"call_tool","params":{"name":"performance_check","arguments":{"file_path":"src/workshop_mcp/server.py"}}}' | poetry run python -m workshop_mcp.server

Learning Path (From-Scratch MCP Server)

Start with the protocol fundamentals and build up the server step by step:

Prerequisites

Before starting the workshop, ensure you have the following installed:

Required Software

Python 3.11+
- Download from python.org
- Verify: python --version
Poetry (Python dependency management)
- Install: curl -sSL https://install.python-poetry.org | python3 -
- Or via pip: pip install poetry
- Verify: poetry --version

Key Dependencies

The project uses these core libraries (installed via poetry install):

Astroid - Advanced AST analysis for semantic Python parsing (powers performance profiler)
aiofiles - Async file I/O operations

Optional Tools

Git for version control
VS Code or your preferred IDE
Docker (for containerized deployment)
Qodo Command (optional, for agent execution)
- Install: `npm install -g @qodo/command

... View full README on GitHub

Loading README…

Scored, not listed

Why this score

Five weighted categories — click any category to see the underlying evidence.

Score breakdown

83/100across 5 weighted dimensions

How we score →

0255075100

−17

Security

Maintenance

Efficiency

Documentation

Compatibility

Categoriesclick a row to see evidence

Security

OSV.dev

5 fixed

CVE-2026-41140medium · fixedCVSS 4

Poetry has Path Traversal in tar extraction on Python 3.10.0 - 3.10.12 and 3.11.0 - 3.11.4

Affected: >= 0Fixed in 2.3.4source →

CVE-2026-34591low · fixedCVSS 3.1

Poetry Has Wheel Path Traversal Which Can Lead to Arbitrary File Write

Affected: >= 1.4.0Fixed in 2.3.3source →

CVE-2022-36070low · fixedCVSS 3.1

PYSEC-2022-43179

Affected: >= 0Fixed in 1.1.9source →

CVE-2022-36069info · fixed

PYSEC-2022-266

Affected: >= 0Fixed in 1.1.9source →

CVE-2022-26184info · fixed

PYSEC-2022-234

Affected: >= 0Fixed in 1.1.9source →

Inventory

Tools (2)

Click any tool to inspect its schema.

~226 tokens total

Community

Reviews

Be the first to review

Have you used this server?

Share your experience — it helps other developers decide.

How easy was setup?Did it work reliably?How was the documentation?

Frequently Asked Questions

Is Python Mcp Agent Workshop safe to use?: Python Mcp Agent Workshop has no known CVEs as of the latest MCPpedia security scan. It does not require authentication, so any local process can connect — keep this in mind in shared environments. Licensed under MIT.
How do I install Python Mcp Agent Workshop?: Python Mcp Agent Workshop supports copy-paste install configs on its MCPpedia page for Claude Desktop, Cursor, and Claude Code. Scroll to the Quick Install section and select your client.
What can Python Mcp Agent Workshop do?: Python Mcp Agent Workshop provides 2 tools: performance_check, keyword_search. See the full tools list on the server page for descriptions and parameters.
What AI clients work with Python Mcp Agent Workshop?: Python Mcp Agent Workshop is compatible with claude-desktop, cursor, claude-code. It uses stdio transport.
Is Python Mcp Agent Workshop actively maintained?: Python Mcp Agent Workshop is less actively maintained — last commit was 100 days ago. It has 7 GitHub stars.

Similar servers

Others in education / ai-ml

View all →

Memory MCP Server98

Persistent memory using a knowledge graph

86.4k 5

Sequential Thinking MCP Server98

Dynamic problem-solving through sequential thought chains

86.4k 1

Antigravity Workspace Template96

Workspace template + MCP server for Claude Code, Codex CLI, Cursor & Windsurf. Multi-agent knowledge engine (ag-refresh / ag-ask) that turns any codebase into a queryable AI assistant.

1.2k 2

Context Mode95

Privacy-first. MCP is the protocol for tool access. We're the virtualization layer for context.

16.0k 6

MCP Security Weekly

Get CVE alerts and security updates for Python Mcp Agent Workshop and similar servers.

Community

Discussion

Start a conversation

Ask a question, share a tip, or report an issue.

Has anyone used this with Cursor?How do you handle auth?Any alternatives?