MCP Server Sandbox with gVisor

How to run MCP (Model Context Protocol) servers in a sandboxed environment using gVisor — the userspace kernel that powers Google Cloud Run.

Why sandbox MCP servers?

Every MCP server you install gets access to:

There's no sandboxing built into MCP. You're trusting the author.

The gVisor sandbox config

docker run --rm \
  --runtime=runsc \
  --network none \
  --read-only \
  --cap-drop ALL \
  --security-opt no-new-privileges \
  --memory 256m \
  --memory-swap 0 \
  --cpus 0.5 \
  --pids-limit 64 \
  --tmpfs /tmp:rw,size=64m \
  mcp-audit-target

What gVisor catches

Enhanced seccomp fallback

When gVisor isn't available, we use a strict seccomp profile that blocks 30+ dangerous syscalls.

Try it

We've audited 8,764 MCP servers with this sandbox. Results are public.

See Full Methodology → Browse Audited Servers →