Running a mcp tool is expected to be lightweight. Starting a docker container is not impossible but will make this process a bit heavy. Maybe in the future the MCP client can provide python/nodejs runtime and also have extra flag to allow the users to confirm the requested permissions for certain mcp tools. Today running MCP servers with whatever executable available locally is too risky
That's not what a sandbox means. PATH enhancement for dependency management is... dependency management, has nothing for security.
> Too many ways to run scripts.
Which is why you need a tool, and not "just" run MCP. Not that hard to run in docker and configure volume mount/ports though.