method that may flip LLMs into precise brokers. It is because MCP gives instruments to your LLM which it will possibly use to retrieve reside info or carry out actions in your behalf.
Like all different instruments within the toolbox, I imagine that with a purpose to apply MCP successfully, it’s a must to perceive it completely. So I approached it in my normal manner: get my arms round it, poke it, take it aside, put it again collectively and get it working once more.
The targets of this week:
- get a strong understanding of MCP; what’s it?
- construct an MCP server and join it to an LLM
- perceive when to make use of MCP
- discover concerns round MCP
1) What’s MCP?
MCP (Mannequin Context Protocol) is protocol designed to increase LLM shoppers. An LLM shopper is something that runs an LLM: consider Claude, ChatGPT or your individual LangGraph agentic chatbot. On this article we’ll use Claude desktop as a LLM shopper and construct a MCP server for it that extends its skills.
First let’s perceive what MCP actually is.
A useful analogy
Consider MCP the identical manner you consider browser extensions. A browser extension provides capabilities to your browser. An MCP server provides capabilities to your LLM. In each circumstances you present a small program that the shopper (browser or LLM) can load and talk with to make it do extra.
This program known as an MCP server and LLM shoppers can use it to e.g. retrieve info or carry out actions.
When is a program an MCP server?
Any program can grow to be an MCP server so long as it implements the Mannequin Context Protocol. The protocol defines:
- which features the server should expose (capabilities)
- how these features should be described (device metadata)
- how the LLM can name them (with JSON request codecs)
- how the server should reply (with JSON end result codecs)
An MCP server is any program that follows the MCP message guidelines. Discover that language, runtime or location don’t matter.
Key capabilities:
- declaring instruments
- accepting a device name request
- executing the requested perform
- returning a end result or error
Instance of a tool-call message:
{
"technique": "instruments/name",
"params": {
"title": "get_weather",
"arguments": {"metropolis": "Groningen"}
}
}Sending this JSON means: “name the perform get_weather with arguments metropolis=’Groningen’.”
2) Creating an MCP server
Since any program will be an MCP server, let’s create one.
Think about we work for a cinema and we need to make it attainable for brokers to assist individuals purchase tickets. This fashion a consumer can resolve which film to select by chatting with ChatGPT or instruct Claude to purchase tickets.
After all these LLMs usually are not conscious of what’s taking place in our cinema so we’ll want to reveal our cinema’s API by way of MCP in order that the LLMs can work together with it.
The only attainable MCP server
We’ll use fastmcp, a Python package deal that wraps Python features in order that they conform to the MCP specs. We are able to can “current” this code to the LLM in order that they’re conscious of the features and may name them.
from fastmcp import FastMCP
mcp = FastMCP("example_server")
@mcp.device
def list_movies() -> str:
""" Record the flicks which are presently enjoying """
# Simulate a GET request to our /films endpoint
return ["Shrek", "Inception", "The Matrix", "Lord of the Rings"]
if __name__ == "__main__":
mcp.run()The code above defines a server and registers a device. The docstring and kind hints assist fastmcp describe the device to the LLM shopper (as required by the MCProtocol). The agent decides primarily based on this description whether or not the perform is appropriate in fulfilling the duty it’s got down to do.
Connecting Claude Desktop to the MCP server
To ensure that our LLM to be “conscious” of the MCP server, we’ve got to inform it the place to search out this system. We register our new server in Claude Desktop by opening Settings -> Developer and replace claude_desktop_config.json in order that it seems like this:
{
"mcpServers": {
"cinema_server": {
"command": "/Customers/mikehuls/explore_mcp/.venv/bin/python",
"args": [
"/Users/mikehuls/explore_mcp/cinema_mcp.py"
]
}
}
}Now that our MCP server is registered, Claude can use it. It name list_movies() for instance. The features in registered MCP servers grow to be first-class instruments that the LLM can resolve to make use of.
As you see, Claude has executed the perform from our MCP server and has entry to the ensuing worth. Very simple in just some strains of code.
With a couple of extra strains we wrap much more API endpoints in our MCP server and permit the LLM to name features that present screening occasions and even permit the LLM to carry out actions on our behalf by making a reservation:
Notice that though the examples are intentionally simplified, the precept stays the identical: we permit our LLM to retrieve info and act on our behalf, by way of the cinema API
3) When to make use of MCP
MCP is good when:
- You need an LLM to entry reside information
- You need an LLM to carry out actions (create duties, fetch information, write data)
- You need to expose inside techniques in a managed manner
- You need to share your instruments with others as a package deal they’ll plug into their LLM
Customers profit as a result of MCP lets their LLM grow to be a extra highly effective assistant.
Suppliers profit as a result of MCP lets them expose their techniques safely and constantly.
A standard sample is a “device suite” that exposes backend APIs. As an alternative of clicking by way of UI screens, a consumer can ask an assistant to deal with the workflow for them.
4) Issues
Since its launch in November 2024, MCP has been broadly adopted and shortly grew to become the default solution to join AI brokers to exterior techniques. However it’s not with out trade-offs; MCP introduces structural overhead and actual safety dangers, for my part, engineers ought to concentrate on earlier than utilizing it in prodution.
a) Safety
In the event you obtain an unknown MCP server and join it to your LLM, you might be successfully granting that server file and community entry, entry to native credentials and command execution permissions. A malicious device might:
- learn or delete information
- exfiltrate non-public information (
.sshkeys e.g.) - scan your community
- modify manufacturing techniques
- steal tokens and keys
MCP is just as save because the server you select to belief. With out guardrails you’re principally giving an LLM full management over your laptop. It makes it very simple to over-expose since you’ll be able to simply add instruments.
The browser-extension analogy applies right here as effectively: most are protected however malicious ones can do actual harm. Like browser extensions, use trusted sources like verified repositories, examine supply code if attainable and sandbox execution once you’re uncertain. Implement strict permissions and leas-privilege insurance policies.
b) Inflated context window, token inefficiency and latency
MCP servers describe each device intimately: names, argument schema’s, descriptions and end result codecs. The LLM shopper masses all this metadata up-front into the mannequin context in order that it is aware of which instruments exist and how you can use it.
Because of this in case your agent makes use of many instruments or complicated schemas, the immediate can develop considerably. Not solely does this use quite a lot of token, it additionally makes use of up remaining house for dialog historical past and task-specific directions. Each device you expose completely eats a slice of the obtainable context.
Moreover, each device name introduces reasoning overhead, schema parsing, context reassignment and a full round-trip from mannequin -> MCP shopper -> MCP server -> again to the mannequin. That is far too heavy for latency-sensitive pipelines.
c) Complexity shifts into the mannequin
The LLM should make all of the robust choices:
- whether or not to name a device in any respect
- which device to name
- which arguments to make use of
All of this occurs contained in the mannequin’s reasoning somewhat than by way of express orchestration logic. Though initially this feels magically handy and environment friendly, at scale this may increasingly grow to be unpredictable, tougher to debug and tougher to ensure deterministically.
Conclusion
MCP is easy and highly effective on the identical time. It’s a standardized solution to let LLMs name actual packages. As soon as a program implements MCP, any compliant LLM shopper can use it as an extension. This opens the door to assistants that may question API’s, carry out duties and work together with actual techniques in a structured manner.
However with nice energy comes nice accountability. Deal with MCP servers with the identical warning as software program that has full entry to your machine. Its design additionally introduces implications for token utilization, latency and pressure on the LLM. These trade-offs might undermine the core advantage of MCP is understood for: turning brokers into environment friendly, real-world instruments.
When used deliberately and securely, MCP gives a clear basis for constructing agentic assistants that may really do issues somewhat than simply discuss them.
I hope this text was as clear as I supposed it to be but when this isn’t the case please let me know what I can do to make clear additional. Within the meantime, take a look at my other articles on all types of programming-related subjects.
Glad coding!
— Mike
P.s: like what I’m doing? Comply with me!
