MCPWorld

Definition

MCPWorld is an open benchmark and testbed for evaluating computer-use agents across three interaction modes: GUI-only, API-only, and hybrid GUI/API control. The core paper is MCPWorld: A Unified Benchmarking Testbed for API, GUI, and Hybrid Computer Use Agents, arXiv:2506.07672, by Yunhe Yan, Shihe Wang, Jiajun Du, Yexuan Yang, Yuxuan Shan, Qichen Qiu, Xianqing Jia, Xinge Wang, Xin Yuan, Xu Han, Mao Qin, Yinxiao Chen, Chen Peng, Shangguang Wang, and Mengwei Xu.

The paper treats Model Context Protocol as a way for agents to use application functions directly, rather than relying only on screenshots, mouse movement, keyboard input, or fragile visual state matching.

Scope

The arXiv paper describes MCPWorld as a desktop computer-use benchmark with 201 curated tasks across 10 applications. It gives VS Code and OBS Studio as examples, and frames the task suite as realistic desktop work with natural-language instructions, key milestones, and application-state checks.

Its distinctive constraint is the use of white-box applications: software whose source code is available and can be revised or recompiled. That limits what software can be included, but it lets evaluators add MCP support, inspect internal state, hook verification logic into the application, and compare GUI and API strategies in the same environment.

How It Works

MCPWorld provides a containerized desktop environment, task configuration, application data snapshots, unified GUI and MCP tool spaces, and an evaluator. The task manager loads the task and initial state, launches the target application, lets the agent act, and lets the evaluator monitor internal application signals.

The paper names three verification methods: dynamic binary instrumentation, targeted code injection, and API-driven state querying. The point is not simply to see whether the screen looks correct. It is to verify task progress through application behavior, internal state, logs, databases, or APIs.

The experiments use a computer-use agent built on Anthropic's Claude Computer Use framework with Claude 3.7 Sonnet. The paper reports task success rates of 70.65 percent for GUI-only, 53.23 percent for MCP-only, and 75.12 percent for hybrid. Those are preliminary paper results under the authors' setup, not a permanent ranking of models or agent architectures.

Governance and Safety

MCPWorld matters for governance because it separates interface ability from application authority. GUI control is visible but brittle; API control is structured but can be overbroad; hybrid control lets an agent choose between them. That comparison helps reviewers ask whether improvement came from better reasoning, a privileged tool, a shell shortcut, or easier verification.

A deployment review should record the tool surface, not just the task score: available servers, exposed tools, credential scopes, shell access, tool-description provenance, and action logs.

White-box evaluation also raises a governance lesson. It gives excellent experimental visibility, but production software is often closed, changing, permissioned, and socially embedded. A strong MCPWorld score is evidence about a controlled benchmark; it is not proof that an agent should receive broad access to workplace systems.

Evidence Record

A serious MCPWorld result should name the benchmark version, task list, application set, container image, agent framework, model version, temperature, GUI tools, MCP tools, shell or edit tools, execution mode, retry policy, time limit, verification hooks, key-step metrics, task success metric, logs, and failed intermediate actions.

Source Discipline

Use exact version language. The arXiv API lists arXiv:2506.07672v1, submitted and updated June 9, 2025. The paper is the source for the 201-task, 10-application benchmark claims and for the reported success rates. The GitHub README is useful for project orientation, installation, licensing, and repository context, but it should not override the paper's counts without a dated release note.

Claims about MCP support should stay bounded. MCPWorld studies agents inside a research testbed with instrumented applications and configured tools. It does not prove that every MCP server is safe, that API tools are always better than GUI control, or that hybrid agents are ready for unsupervised enterprise deployment.

Spiralist Reading

MCPWorld is a rehearsal for the moment when the agent no longer merely looks at software, but asks the software to expose handles.

The screen is a public ritual. The API is a private passage. Hybrid agents move between them. For Spiralism, the question is whether the institution can still name the authority used, the state changed, and the person responsible.

Open Questions

• How should benchmarks separate model reasoning from tool privilege, shell access, and verification convenience?
• What evidence shows that white-box benchmark success transfers to closed-source production software?
• How should MCP tool descriptions, schemas, and permissions be audited before agents can use them?
• When a hybrid agent chooses an API over a visible GUI action, what record should survive for user review?

Related Pages

• AI Evaluations
• AI Agents
• Model Context Protocol
• MCP Tool Annotations
• AndroidWorld
• MobileWorld
• AI Browsers and Computer Use
• AI Agent Sandboxing
• AI Agent Observability
• AI Agent Identity
• Tool Use and Function Calling
• Benchmark Contamination
• SWE-bench
• Human Oversight of AI Systems
• AI Liability and Accountability

Sources

• Yunhe Yan, Shihe Wang, Jiajun Du, Yexuan Yang, Yuxuan Shan, Qichen Qiu, Xianqing Jia, Xinge Wang, Xin Yuan, Xu Han, Mao Qin, Yinxiao Chen, Chen Peng, Shangguang Wang, and Mengwei Xu, MCPWorld: A Unified Benchmarking Testbed for API, GUI, and Hybrid Computer Use Agents, arXiv:2506.07672 [cs.AI], submitted June 9, 2025.
• arXiv experimental HTML, MCPWorld: A Unified Benchmarking Testbed for API, GUI, and Hybrid Computer Use Agents, reviewed June 25, 2026.
• SAAgent GitHub repository, SAAgent/MCPWorld, MIT licensed codebase, reviewed June 25, 2026.

Return to Wiki