undefined

points

[-]

A few things: in this case, you have to provide the tool list in your prompt for the AI to know it exists. But you probably want the AI agent to be able to act and choose tools without you micromanaging and reminding it in every prompt, so then you'd need a tool list... and then you're back to providing the tool list automatically ala MCP again.

MCP can provide validation & verification of the request before making the API call. Giving the model a /tool/forecast URL doesn't prevent the model from deciding to instead explore what other tools might be available on the remote server instead, like deciding to try running /tool/imagegenerator or /tool/globalthermonuclearwar. MCP can gatekeep what the AI does, check that parameters are valid, etc.

Also, MCP can be used to do local computation, work with local files etc, things that web access wouldn't give you. CLI will work for some of those use cases too, but there is a maximum command line length limit, so you might struggle to write more than 8kB to a file when using the command line, for example. It can be easier to get MCP to work with binary files as well.

I tend to think of local MCP servers like DLLs, except the function calls are over stdio and use tons of wasteful JSON instead of being a direct C-function call. But thinking of where you might use a DLL and where you might call out to a CLI can be a useful way of thinking about the difference.

by Phlogistique4 hours ago|

prev|

[-]

The point is authorization. With full web access, your agent can reach anything and leak anything.

You could restrict where it can go with domain allowlists but that has insufficient granularity. The same URL can serve a legitimate request or exfiltrate data depending on what's in the headers or payload: see https://embracethered.com/blog/posts/2025/claude-abusing-net...

So you need to restrict not only where the agent can reach, but what operations it can perform, with the host controlling credentials and parameters. That brings us to an MCP-like solution.

by rvz3 hours ago|

parent|

[-]

But this is no different to using an API key with access controls and curl and you get the same thing.

MCP is just as worse version of the above allowing lots of data exfiltration and manipulation by the LLM.

by acchow2 hours ago|

parent|

[-]

But MCP uses Oauth. That is not a "worse version" of API keys. It is better.

The classic "API key" flow requires you to go to the resource site, generate a key, copy it, then paste it where you want it to go.

Oauth automates this. It's like "give me an API key" on demand.

by regularfry2 hours ago|

parent|

prev|

[-]

An MCP server lets you avoid giving the agent your API key so it can't leak it. At least in theory.

You could do the same with a CLI tool but it's more of a hassle to set up.

by fennecbutt2 hours ago|

prev|

[-]

For me (actually trying to get shit done using this stuff) it's validation.

Being able to have a verifiable input/output structure is key. I suppose you can do that with a regular http api call (json) but where do you document the openapi/schema stuff? Oh yeah...something like mcp.

I agree that mcp isn't as refined as it should be, but when used properly it's better than having it burn thru tokens by scraping around web content.

by ewidar4 hours ago|

prev|

[-]

One thing that I currently find useful on MCPs is granular access control.

Not all services provide good token definition or access control, and often have API Key + CLI combo which can be quite dangerous in some cases.

With an MCP even these bad interfaces can be fixed up on my side.

by iddan4 hours ago|

prev|

[-]

The prophecy of the hypermedia web

by Traubenfuchs4 hours ago|

parent|

[-]

I feel like I haven’t read anything about this in combination with mcp and like I am taking crazy pills: does no one remember hateoas?

by jbverschoor4 hours ago|

prev|

[-]

Proxying / gatekeeping