
Hugging Face Smolagents

Hugging Face Python agent library for CodeAgent and ToolCallingAgent workflows, where agents write Python actions, call tools, use MCP tool collections, connect to Hub tools and spaces, run with LiteLLM or local models, and use optional sandboxes.

by Hugging Face · added 2026-06-18
Harness: CLI
Review first: review before installing

Open the source and read safety notes before installing.

Safety notes

  • Smolagents CodeAgent writes actions as Python code; run untrusted or high-impact actions in a real sandbox such as Docker, E2B, Modal, or Blaxel instead of treating local execution as a security boundary.
  • Agents can call MCP tools, Hub tools, Spaces, LangChain tools, web search, webpage tools, browser tools, local models, and provider APIs; review each tool's permissions and side effects before use.
  • The built-in local Python execution restrictions are not a complete sandbox, so do not expose sensitive files, credentials, shells, browsers, or network access without additional isolation.
  • CLI agents such as `smolagent` and `webagent` can perform multi-step actions; require explicit operator approval before purchases, account writes, file writes, command execution, or external submissions.
  • Telemetry, tracing, and provider integrations need review before production use because agent steps may include prompts, generated code, tool outputs, and errors.

Privacy notes

  • Prompts, generated Python code, tool arguments, tool outputs, execution logs, browser state, search results, Hub repository data, Spaces inputs, model responses, telemetry, and errors may contain user or workspace data.
  • Do not expose Hugging Face tokens, provider API keys, local file paths, customer records, private datasets, credentials, or raw exceptions through shared agents, Hub uploads, logs, screenshots, or public examples.
  • When using MCP servers, Hub tools, Spaces, LiteLLM providers, OpenAI-compatible gateways, local model servers, or sandbox providers, review data retention and third-party access separately.
  • If agents are shared to the Hugging Face Hub, review included tools, prompts, dependencies, examples, and repository files for secrets and private data before publishing.

Prerequisites

  • Python 3.10 or newer and a Python environment managed with pip, uv, or another package manager.
  • A selected model route, such as Hugging Face Inference Providers, local Transformers, Ollama, LiteLLM, OpenAI-compatible servers, Azure OpenAI, Bedrock, or another configured provider.
  • Provider credentials, Hugging Face tokens, local model access, or API keys stored outside source control.
  • A sandbox plan for CodeAgent execution when agents can run Python actions, browse, call tools, or interact with user files.
  • Optional extras for MCP, Docker, E2B, Modal, Blaxel, LiteLLM, telemetry, toolkit tools, vision, audio, or local model runtimes only when needed.

Schema details

Install type: cli
Troubleshooting: No

Source repository stats
Scope: Source repo

Collection metadata
Estimated setup: 20 minutes
Difficulty: intermediate

Tool listing metadata
Pricing: free
Disclosure: editorial
Application category: DeveloperApplication
Operating system: Cross-platform

Full copyable content
pip install "smolagents[toolkit]"

About this resource

Overview

Smolagents is Hugging Face's lightweight Python library for building agents in a few lines of code. Its main pattern is CodeAgent, where the model writes Python actions that call tools or orchestrate other agents. It also includes ToolCallingAgent, CLI commands, Hub integrations, tool imports, MCP tool collections, local and hosted model routes, and optional sandbox backends.

Use it when a Python team wants a compact agent framework with direct code actions, Hugging Face ecosystem integration, local model support, and a clear path to MCP tools or Hub-shared tools.

Install

For the default toolkit extras:

pip install "smolagents[toolkit]"

The package also exposes extras for MCP, Docker, E2B, Modal, Blaxel, LiteLLM, OpenAI, Bedrock, telemetry, Gradio, Transformers, vision, audio, vLLM, and other runtime options. Install only the extras required by the agent.

Agent Capabilities

| Area | Smolagents Coverage |
| --- | --- |
| Agent Types | CodeAgent for Python-code actions and ToolCallingAgent for standard tool-calling workflows |
| Tools | Python tools, MCP tool collections, LangChain tools, Hub tools, Spaces, web search, webpage tools, and browser tools |
| Model Routes | Hugging Face Inference Providers, local Transformers, Ollama-style local routes, LiteLLM, OpenAI-compatible servers, Azure OpenAI, Bedrock, and other providers |
| Sandboxes | Optional Docker, E2B, Modal, and Blaxel execution environments for generated code |
| CLI | smolagent for general multi-step CodeAgent runs and webagent for browser-oriented workflows |
| Sharing | Push and pull agents or tools through the Hugging Face Hub |
| Observability | Optional telemetry and OpenTelemetry/OpenInference integrations |

MCP Fit

Smolagents is relevant for MCP searches because its tools layer can import tool collections from MCP servers. That lets a CodeAgent or ToolCallingAgent call MCP tools alongside Hub tools, LangChain tools, Spaces, local tools, and provider tools.

The framework does not remove MCP's normal trust boundary. If an MCP server can read files, browse, query a database, call SaaS APIs, or write to an account, Smolagents can put that capability inside an agent loop. Review permissions, tool schemas, logging, and approval gates before connecting powerful servers.

Use Cases

  • Build compact Python agents that write actions as Python code.
  • Compare CodeAgent behavior with standard tool-calling agents.
  • Connect an agent to MCP tools, Hugging Face Hub tools, or Spaces.
  • Run lightweight CLI agents for research or automation.
  • Use Hugging Face Inference Providers, local models, LiteLLM, or OpenAI-compatible gateways.
  • Share reviewed agents and tools through the Hugging Face Hub.
  • Prototype agent workflows with Docker, E2B, Modal, or Blaxel sandboxing.

Source Review

Verified on 2026-06-18:

  • The upstream repository describes Smolagents as a library for agents that write Python code to call tools or orchestrate other agents.
  • The docs and package metadata identify CodeAgent and ToolCallingAgent as core agent types.
  • pyproject.toml declares the smolagents package, Python >=3.10, CLI scripts smolagent and webagent, Apache-2.0 licensing, MCP extras, sandbox-related extras, model/provider extras, toolkit extras, and telemetry extras.
  • The documentation covers the Smolagents overview and agent reference.
  • PyPI resolves package metadata for smolagents version 1.26.0.

Safety and Privacy

Generated Python actions are powerful. Treat CodeAgent output like code from an untrusted contributor until it has been sandboxed, reviewed, and scoped. Do not let local execution read secrets, write repositories, browse private accounts, or call production systems unless the permissions and rollback path are clear.

MCP servers, Hub tools, Spaces, provider APIs, browser tools, telemetry, and sandbox providers can all observe or retain agent data. Review prompts, tool arguments, tool outputs, generated code, logs, model responses, and shared Hub artifacts before treating an agent as safe for production or public reuse.

Duplicate Check

Checked current content/tools/, content/agents/, content/mcp/, content/skills/, guides, open pull requests, and repository-wide content for huggingface/smolagents, Smolagents, Hugging Face Smolagents, CodeAgent, ToolCallingAgent, Smolagents MCP tools, smolagent, webagent, and Python code agents. Existing entries cover adjacent agent frameworks, coding agents, MCP tools, and local model runtimes, but no dedicated Smolagents entry, exact source URL duplicate, target file, or open duplicate PR was found.


How it compares

Hugging Face Smolagents side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.

Entries compared:

  • Hugging Face Smolagents: Hugging Face Python agent library for CodeAgent and ToolCallingAgent workflows, where agents write Python actions, call tools, use MCP tool collections, connect to Hub tools and spaces, run with LiteLLM or local models, and use optional sandboxes.
  • Hugging Face Accelerate: Apache-2.0 library for running raw PyTorch training and inference code across CPU, GPU, TPU, DeepSpeed, FSDP, and mixed-precision environments.
  • Hugging Face Datasets: Apache-2.0 library for loading, sharing, streaming, inspecting, and preprocessing AI datasets from the Hugging Face Hub or local files.
  • Hugging Face Diffusers: Apache-2.0 library for pretrained diffusion model pipelines, schedulers, adapters, optimization, and training workflows for image, video, and audio generation in PyTorch.

Trust

| Field | Hugging Face Smolagents | Hugging Face Accelerate | Hugging Face Datasets | Hugging Face Diffusers |
| --- | --- | --- | --- | --- |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety, Privacy | Safety, Privacy | Safety, Privacy | Safety, Privacy |
| Category | tools | tools | tools | tools |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | Hugging Face | Hugging Face | Hugging Face | Hugging Face |
| Added | 2026-06-18 | 2026-06-04 | 2026-06-04 | 2026-06-04 |
| Platforms | CLI | CLI | CLI | CLI |
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |

Install (Hugging Face Smolagents): pip install "smolagents[toolkit]"

Safety notes

Hugging Face Smolagents: identical to the Safety notes section above.

Hugging Face Accelerate:

  • Accelerate can scale a raw PyTorch loop quickly, but distributed execution can also multiply bugs, data leakage, runaway compute cost, checkpoint corruption, and unsafe model behavior.
  • Run `accelerate config`, DeepSpeed, FSDP, mixed precision, device placement, gradient accumulation, and process counts on a small workload before production training or inference.
  • Multi-GPU, TPU, MPI, notebook, and multi-node launches can exhaust CPU, GPU, memory, disk, network, or quota resources if batch size, precision, worker count, and checkpoint cadence are not bounded.
  • Source installs, example scripts, notebooks, cluster launchers, and community configuration snippets should be reviewed before execution, especially when combined with private data or credentials.
  • Training and fine-tuning workflows still need evaluation, rollback, model-card review, license review, and safety testing before outputs or checkpoints are used in Claude-adjacent products.
  • Distributed workers, shared filesystems, cloud notebooks, and experiment trackers should be configured so failed runs do not leave sensitive data, tokens, logs, or checkpoints broadly accessible.

Hugging Face Datasets:

  • Hugging Face Datasets makes it easy to load public and local datasets, but dataset availability does not prove license fit, consent, quality, or safety for a given use case.
  • Public datasets, community scripts, local files, and generated preprocessing steps should be reviewed before use in production model training, evaluation, or Claude-adjacent workflows.
  • Streaming large datasets can reduce disk use, but it still performs network access and may expose dataset names, access patterns, credentials, and workload metadata.
  • Dataset preprocessing with `map`, multiprocessing, format conversion, indexing, or filtering can silently change examples, labels, splits, or ordering if transforms are not versioned and tested.
  • Training, fine-tuning, and evaluation workflows should guard against PII leakage, benchmark contamination, duplicated examples, prompt/output leakage, and accidental publication to the Hub.
  • Dataset cards, licenses, private repository settings, and organization policies should be checked together before sharing, caching, or reusing datasets across teams.

Hugging Face Diffusers:

  • Diffusers can generate and train image, video, and audio models, so teams need application-level controls for unsafe imagery, deepfakes, impersonation, copyrighted style mimicry, and policy-violating prompts.
  • Public model availability does not prove a checkpoint, adapter, dataset, or generated output is licensed or safe for a given product workflow.
  • Pipelines, schedulers, adapters, LoRA weights, ControlNet inputs, and optimization settings can materially change outputs, latency, memory use, and safety behavior.
  • Training scripts, source installs, example notebooks, community checkpoints, custom pipelines, and adapter repositories should be reviewed before execution, especially with private data or credentials.
  • Large diffusion workloads can exhaust CPU, GPU, memory, disk, network, or cloud quotas; benchmark batch size, precision, offload, cache growth, and rollback before production deployment.
  • Generated media and fine-tuned checkpoints should be reviewed before publication, sharing, Hub uploads, or automated use in Claude-adjacent product workflows.

Privacy notes

Hugging Face Smolagents: identical to the Privacy notes section above.

Hugging Face Accelerate:

  • Accelerate workflows can process prompts, conversations, documents, datasets, labels, model outputs, metrics, gradients, checkpoints, adapter weights, and experiment artifacts.
  • The `accelerate env` command, launcher logs, cluster logs, notebooks, crash traces, and tracker integrations may reveal platform details, Python paths, GPU types, process counts, configuration values, dataset names, or model names.
  • Hugging Face Hub access, private repositories, cloud storage, shared caches, multi-node filesystems, and experiment trackers may expose credentials, examples, metrics, checkpoints, or access metadata depending on setup.
  • Mixed-precision, FSDP, DeepSpeed, and checkpoint sharding can create multiple intermediate files that need the same retention, deletion, encryption, and access-control policy as the source training data.
  • Teams should define who can inspect configuration files, launch logs, failed batches, checkpoints, Hub artifacts, and distributed worker outputs before using Accelerate in production workflows.

Hugging Face Datasets:

  • Workflows can process prompts, conversations, labels, documents, images, audio, video, PDFs, medical images, tabular records, agent traces, generated outputs, and evaluation examples.
  • Local dataset caches, Apache Arrow files, downloaded archives, derived columns, indexes, logs, notebooks, and temporary files can retain sensitive examples outside the main application database.
  • Hugging Face Hub downloads, uploads, private dataset access, storage buckets, hosted viewers, experiment trackers, and observability systems may process dataset names, access metadata, examples, metrics, or artifacts depending on setup.
  • Embeddings, search indexes, filtered subsets, train/test splits, and preprocessed datasets should follow the same retention, deletion, access-control, and review rules as the original data.
  • Teams should define who can inspect raw examples, derived datasets, failed preprocessing records, dataset cards, cache directories, Hub repositories, and published artifacts before using Datasets in production workflows.

Hugging Face Diffusers:

  • Diffusers workflows can process prompts, negative prompts, images, videos, audio, captions, masks, ControlNet inputs, embeddings, training datasets, generated outputs, model weights, and adapter weights.
  • Local caches, model downloads, generated media, intermediate latents, training examples, checkpoints, logs, notebooks, and experiment artifacts can retain sensitive inputs outside the primary application database.
  • Hugging Face Hub access, hosted checkpoints, private repositories, cloud storage, shared filesystems, observability systems, and experiment trackers may expose model names, dataset names, prompts, media, metrics, or artifacts depending on setup.
  • The official installation docs say telemetry can be sent when loading models and pipelines from the Hub, including Diffusers and PyTorch versions, requested model or pipeline class, and hosted checkpoint path unless disabled.
  • Teams should define who can inspect prompts, generated media, training records, cache directories, failed outputs, checkpoints, Hub artifacts, and moderation decisions before integrating Diffusers into production workflows.

Prerequisites

Hugging Face Smolagents: see the Prerequisites section above.

Hugging Face Accelerate:

  • Python 3.8 or newer, compatible PyTorch environment, accelerator drivers, and the `accelerate` package installed from PyPI, conda, or the official repository.
  • Training or inference script with a raw PyTorch loop, model, optimizer, dataloaders, scheduler, checkpoint strategy, and known single-device baseline behavior.
  • Runtime configuration from `accelerate config`, `accelerate env`, or explicit launch arguments for CPU, single GPU, multi-GPU, TPU, DeepSpeed, FSDP, mixed precision, or multi-node execution.
  • Hardware and operations plan for GPU memory, process count, rendezvous settings, storage, checkpointing, failure recovery, cluster scheduling, and rollback.

Hugging Face Datasets:

  • Python environment with the `datasets` package and optional extras for the selected audio, vision, PDF, NIfTI, Torch, TensorFlow, JAX, or large-file workflow.
  • Approved dataset source, revision pin, license, data card, split/configuration choice, schema expectations, and fallback dataset plan.
  • Storage and runtime plan for local cache directories, streaming mode, multiprocessing, Apache Arrow files, large downloads, and network access to the Hugging Face Hub.
  • Data governance plan for local files, Hub datasets, private datasets, credentials, labels, evaluation examples, derived columns, and processed artifacts.

Hugging Face Diffusers:

  • Python 3.8 or newer, PyTorch 2.6 or newer, compatible accelerator drivers, and the `diffusers` package installed with the extras needed for the selected pipeline, training, or optimization workflow.
  • Approved model checkpoint, model card, license, revision pin, pipeline class, scheduler choice, adapter plan, safety policy, and fallback model plan.
  • Hardware and runtime plan for CPU, GPU, Apple Silicon, memory offload, quantization, torch.compile, batch size, cache directories, checkpoint storage, and rollback.
  • Data governance plan for prompts, generated media, training images or videos, captions, embeddings, adapters, model weights, Hub tokens, logs, and published artifacts.
