Model Context Protocol moderate risk

Jupyter

Jupyter MCP Server enables real-time AI interaction with Jupyter notebooks, offering tools for cell manipulation, execution, and notebook management via the MCP protocol.

Connections & Capabilities

Connects To

GitHubDockerFilesystem

Capabilities

readwriteexecadmin

Quickstart

Install

pip install jupyterlab==4.4.1 jupyter-collaboration==4.0.2 jupyter-mcp-tools>=0.1.4 ipykernel

Config

{
  "mcpServers": {
    "jupyter": {
      "command": "uvx",
      "args": ["jupyter-mcp-server@latest"],
      "env": {
        "JUPYTER_URL": "http://localhost:8888",
        "JUPYTER_TOKEN": "MY_TOKEN",
        "ALLOW_IMG_OUTPUT": "true"
      }
    }
  }
}

Exposed MCP Tools (17)

safe

list_files

Lists files and directories within the Jupyter server's file system.

Read-only operation.

safe

list_kernels

Lists available and running kernel sessions on the Jupyter server.

Read-only operation.

moderate

use_notebook

Connects to, creates, or switches between Jupyter notebooks.

Manages notebook access, but doesn't directly modify content.

safe

list_notebooks

Lists all notebooks available on the Jupyter server and their status.

Read-only operation.

moderate

restart_notebook

Restarts the kernel for a specific managed notebook.

Can interrupt running processes, but doesn't modify data.

safe

read_notebook

Reads the source content of notebook cells.

Read-only operation.

safe

read_cell

Reads the full content (metadata, source, outputs) of a single cell.

Read-only operation.

moderate

insert_cell

Inserts a new code or markdown cell at a specified position.

Adds content to the notebook, but requires explicit execution.

high

delete_cell

Deletes a cell at a specified index.

Removes content from the notebook.

high

overwrite_cell_source

Overwrites the source code of an existing cell.

Modifies existing code, potentially introducing malicious content.

critical

execute_cell

Executes a cell with timeout, supporting multimodal output.

Executes arbitrary code within the Jupyter kernel.

critical

insert_execute_code_cell

Inserts a new code cell and executes it in one step.

Executes arbitrary code immediately upon insertion.

critical

execute_code

Executes code directly in the kernel, supporting magic and shell commands.

Executes arbitrary code directly in the kernel, bypassing cell structure.

critical

notebook_run-all-cells

Executes all cells in the current notebook sequentially.

Executes all code in the notebook, potentially triggering unintended actions.

safe

notebook_get-selected-cell

Gets information about the currently selected cell.

Read-only operation.

moderate

connect_to_jupyter

Connects to a Jupyter server dynamically without restarting the MCP server.

Allows switching servers, potentially connecting to untrusted sources.

moderate

unuse_notebook

Disconnects from a specific notebook and releases its resources.

Releases resources but doesn't modify the notebook.

Safety Assessment

The Jupyter MCP Server provides powerful tools for interacting with Jupyter notebooks, but its safety depends heavily on proper configuration and access control. It is relatively safe in read-only scenarios, but risky if write access is granted without careful consideration of the potential for malicious code execution.

Requires authentication via token.
Provides tools for managing access to specific notebooks.
Offers JupyterLab integration for enhanced UI control.
Supports multimodal output for diverse data types.

Allows code execution within the Jupyter kernel.
Provides tools for inserting, deleting, and overwriting cells.
Can expose the Jupyter server's file system.
Relies on user-provided Jupyter URL and token, increasing risk of misconfiguration.