{"id":595,"date":"2025-01-11T15:26:47","date_gmt":"2025-01-11T15:26:47","guid":{"rendered":"https:\/\/smolagents.org\/?post_type=docs&#038;p=595"},"modified":"2025-01-11T15:41:43","modified_gmt":"2025-01-11T15:41:43","password":"","slug":"secure-code-execution-of-smolagents","status":"publish","type":"docs","link":"https:\/\/smolagents.org\/hi\/docs\/secure-code-execution-of-smolagents\/","title":{"rendered":"Secure code execution of Smolagents"},"content":{"rendered":"<p>If you\u2019re new to building agents, make sure to first read the\u00a0<a href=\"https:\/\/huggingface.co\/docs\/smolagents\/conceptual_guides\/intro_agents\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">intro to agents<\/a>\u00a0and the\u00a0<a href=\"https:\/\/huggingface.co\/docs\/smolagents\/guided_tour\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">guided tour of smolagents<\/a>.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/huggingface.co\/docs\/smolagents\/tutorials\/secure_code_execution#code-agents\" target=\"_blank\" rel=\"noopener\"><\/a>Code agents<\/h3>\n\n\n\n<p><a href=\"https:\/\/huggingface.co\/papers\/2402.01030\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Multiple<\/a>\u00a0<a href=\"https:\/\/huggingface.co\/papers\/2411.01747\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">research<\/a>\u00a0<a href=\"https:\/\/huggingface.co\/papers\/2401.00812\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">papers<\/a>\u00a0have shown that having the LLM write its actions (the tool calls) in code is much better than the current standard format for tool calling, which is across the industry different shades of \u201cwriting actions as a JSON of tools names and arguments to use\u201d.<\/p>\n\n\n\n<p>Why is code better? Well, because we crafted our code languages specifically to be great at expressing actions performed by a computer. 
If JSON snippets were a better way, this package would have been written in JSON snippets and the devil would be laughing at us.<\/p>\n\n\n\n<p>Code is just a better way to express actions on a computer. It has better:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Composability:<\/strong>\u00a0could you nest JSON actions within each other, or define a set of JSON actions to re-use later, the same way you could just define a Python function?<\/li>\n\n\n\n<li><strong>Object management:<\/strong>\u00a0how do you store the output of an action like\u00a0<code>generate_image<\/code>\u00a0in JSON?<\/li>\n\n\n\n<li><strong>Generality:<\/strong>\u00a0code is built to express simply anything you can have a computer do.<\/li>\n\n\n\n<li><strong>Representation in LLM training corpus:<\/strong>\u00a0why not leverage this benediction of the sky that plenty of quality actions have already been included in LLM training corpus?<\/li>\n<\/ul>\n\n\n\n<p>This is illustrated in the figure below, taken from\u00a0<a href=\"https:\/\/huggingface.co\/papers\/2402.01030\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Executable Code Actions Elicit Better LLM Agents<\/a>.<\/p>\n\n\n\n<figure class=\"wp-block-image\"><img loading=\"lazy\" decoding=\"async\" width=\"2716\" height=\"1154\" src=\"https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1.png\" alt=\"\" class=\"wp-image-596\" srcset=\"https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1.png 2716w, https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1-300x127.png 300w, https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1-1024x435.png 1024w, https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1-768x326.png 768w, https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1-1536x653.png 1536w, 
https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1-2048x870.png 2048w, https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1-18x8.png 18w, https:\/\/smolagents.org\/wp-content\/uploads\/2025\/01\/code_vs_json_actions-1-360x153.png 360w\" sizes=\"auto, (max-width: 2716px) 100vw, 2716px\" \/><\/figure>\n\n\n\n<p>This is why we put emphasis on proposing code agents, in this case Python agents, which meant putting more effort into building secure Python interpreters.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/huggingface.co\/docs\/smolagents\/tutorials\/secure_code_execution#local-python-interpreter\" target=\"_blank\" rel=\"noopener\"><\/a>Local python interpreter<\/h3>\n\n\n\n<p>By default, the&nbsp;<code>CodeAgent<\/code>&nbsp;runs LLM-generated code in your environment. This execution is not done by the vanilla Python interpreter: we\u2019ve re-built a more secure&nbsp;<code>LocalPythonInterpreter<\/code>&nbsp;from the ground up. This interpreter is designed for security by:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Restricting the imports to a list explicitly passed by the user.<\/li>\n\n\n\n<li>Capping the number of operations to prevent infinite loops and resource bloating.<\/li>\n\n\n\n<li>Refusing to perform any operation that\u2019s not pre-defined.<\/li>\n<\/ul>\n\n\n\n<p>We\u2019ve used this on many use cases, without ever observing any damage to the environment.<\/p>\n\n\n\n<p>However, this solution is not watertight: one could imagine occasions where LLMs fine-tuned for malignant actions could still hurt your environment. For instance, if you\u2019ve allowed an innocuous package like&nbsp;<code>Pillow<\/code>&nbsp;to process images, the LLM could generate thousands of saves of images to bloat your hard drive. 
It\u2019s certainly not likely if you\u2019ve chosen the LLM engine yourself, but it could happen.<\/p>\n\n\n\n<p>So if you want to be extra cautious, you can use the remote code execution option described below.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\"><a href=\"https:\/\/huggingface.co\/docs\/smolagents\/tutorials\/secure_code_execution#e2b-code-executor\" target=\"_blank\" rel=\"noopener\"><\/a>E2B code executor<\/h3>\n\n\n\n<p>For maximum security, you can use our integration with E2B to run code in a sandboxed environment. This is a remote execution service that runs your code in an isolated container, making it impossible for the code to affect your local environment.<\/p>\n\n\n\n<p>For this, you will need to set up your E2B account and set your\u00a0<code>E2B_API_KEY<\/code>\u00a0in your environment variables. Head to\u00a0<a href=\"https:\/\/e2b.dev\/docs\/quickstart\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">E2B\u2019s quickstart documentation<\/a>\u00a0for more information.<\/p>\n\n\n\n<p>Then you can install it with&nbsp;<code>pip install e2b-code-interpreter python-dotenv<\/code>.<\/p>\n\n\n\n<p>Now you\u2019re set!<\/p>\n\n\n\n<p>To set the code executor to E2B, simply pass the flag&nbsp;<code>use_e2b_executor=True<\/code>&nbsp;when initializing your&nbsp;<code>CodeAgent<\/code>. 
Note that you should add all the tool\u2019s dependencies in&nbsp;<code>additional_authorized_imports<\/code>, so that the executor installs them.<\/p>\n\n\n\n<pre class=\"wp-block-preformatted\">from smolagents import CodeAgent, VisitWebpageTool, HfApiModel\nagent = CodeAgent(\n    tools = [VisitWebpageTool()],\n    model=HfApiModel(),\n    additional_authorized_imports=[\"requests\", \"markdownify\"],\n    use_e2b_executor=True\n)\n\nagent.run(\"What was Abraham Lincoln's preferred pet?\")<\/pre>\n\n\n\n<p>E2B code execution is not compatible with multi-agents at the moment &#8211; because having an agent call in a code blob that should be executed remotely is a mess. But we\u2019re working on adding it!<\/p>","protected":false},"excerpt":{"rendered":"<p>If you\u2019re new to building agents, make sure to first read the\u00a0intro to agents\u00a0and the\u00a0guided tour of smolagents. Code agents Multiple\u00a0research\u00a0papers\u00a0have shown that having the LLM write its actions (the tool calls) in code is much better than the current standard format for tool calling, which is across the industry different shades of \u201cwriting 
actions&#8230;<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_kadence_starter_templates_imported_post":false,"_kad_post_transparent":"","_kad_post_title":"","_kad_post_layout":"","_kad_post_sidebar_id":"","_kad_post_content_style":"","_kad_post_vertical_padding":"","_kad_post_feature":"","_kad_post_feature_position":"","_kad_post_header":false,"_kad_post_footer":false,"footnotes":""},"doc_category":[10],"doc_tag":[],"class_list":["post-595","docs","type-docs","status-publish","hentry","doc_category-examples"],"year_month":"2026-04","word_count":647,"total_views":"4188","reactions":{"happy":"0","normal":"0","sad":"0"},"author_info":{"name":"smolagents","author_nicename":"wd-gstargmail-com","author_url":"https:\/\/smolagents.org\/hi\/author\/wd-gstargmail-com\/"},"doc_category_info":[{"term_name":"Examples","term_url":"https:\/\/smolagents.org\/hi\/docs-category\/examples\/"}],"doc_tag_info":[],"_links":{"self":[{"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/docs\/595","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/comments?post=595"}],"version-history":[{"count":1,"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/docs\/595\/revisions"}],"predecessor-version":[{"id":597,"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/docs\/595\/revisions\/597"}],"wp:attachment":[{"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/media?parent=595"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/smolagents.org\/hi\/wp-json\/wp\/v2\/doc_category?post=595"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/smolagents.org\/hi\/wp-j
son\/wp\/v2\/doc_tag?post=595"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}