a process that can transform LLMs into real agents. This is because the MCP provides tools for your LLM that you can use retrieve live information or do the actions instead of you.
Like all other tools in the toolbox, I believe that to use MCP effectively, you must understand it well. So I approached it my usual way: run my hands around it, squeeze it, take it apart, put it back together and make it work again.
This week's goals:
- get a strong understanding of MCP; what's up
- build the MCP server and connect it to LLM
- understand time to use MCP
- check consideration near the MCP
1) What is MCP?
MCP (Model Context Protocol) is a protocol designed to extend LLM clients. LLM client or anything that uses LLM: think Claude, ChatGPT or your own LangGraph for agent chat. In this article we will use the Claude desktop as an LLM client and create an MCP server for it that extends its capabilities.
First let's understand what MCP actually is.
A useful analogy
Think of MCP the same way you think of browser extensions. A browser extension adds power to your browser. MCP Server adds power to your LLM. In both cases you provide a small program that the client (browser or LLM) can load and interact with to make it do more.
This system is called the MCP server and LLM clients can use it to eg retrieve information or perform actions.
When is the program an MCP server?
Any program can be an MCP server as long as it uses the Model Context Protocol. The protocol states:
- what functions the server should expose (capabilities)
- how these functions should be defined (tool metadata)
- how LLM can call them (in JSON request formats)
- how the server should respond (in JSON output formats)
An MCP server is any program that follows the MCP message rules. Note that language, time of operation or location does not matter.
Key strengths:
- advertising tools
- accepting a tool call request
- we do the requested work
- return result or error
An example of a tool call message:
{
"method": "tools/call",
"params": {
"name": "get_weather",
"arguments": {"city": "Groningen"}
}
}Sending this JSON means: “call function get_weather with arguments city='Groningen'.”
2) Creating an MCP server
Since any program can be an MCP server, let's create one.
Imagine we work for a cinema and we want to enable agents to help people buy tickets. In this way a user can decide which movie to choose by chatting with ChatGPT or instruct Claude to buy tickets.
Of course these LLMs do not know what is happening in our cinema so we will have to expose our cinema API through MCP so that the LLMs can communicate with it.
A very simple MCP server
We will use fastmcpa Python package that wraps Python functions to conform to the MCP specification. We can “introduce” this code to LLM so they know about the functions and can call them.
from fastmcp import FastMCP
mcp = FastMCP("example_server")
@mcp.tool
def list_movies() -> str:
""" List the movies that are currently playing """
# Simulate a GET request to our /movies endpoint
return ["Shrek", "Inception", "The Matrix", "Lord of the Rings"]
if __name__ == "__main__":
mcp.run()The code above defines the server and registers the tool. The docstring and type hints help fastmcp describe the tool to the LLM client (as required by MCrotocol). The agent decides based on this description whether the worker is suitable for fulfilling the task he is assigned to perform.
Connects Claude Desktop to the MCP server
In order for our LLM to “know” about the MCP server, we have to tell it where to find the program. We register our new server to Claude Desktop by opening Settings -> Developer and review claude_desktop_config.json so it looks like this:
{
"mcpServers": {
"cinema_server": {
"command": "/Users/mikehuls/explore_mcp/.venv/bin/python",
"args": [
"/Users/mikehuls/explore_mcp/cinema_mcp.py"
]
}
}
}Now that our MCP server is registered, Claude can use it. It's expensive list_movies() For example. Services on registered MCP servers become first-class tools that LLM can decide to use.
As you can see, Claude has done the work on our MCP server and he has access to the resulting value. It's very simple in a few lines of code.
With a few more lines we wrap multiple API points in our MCP server and allow LLM to call functions that show test times and allow LLM to perform actions for us by making reservations:
Note that although the examples are deliberately simplified, the goal remains the same: we allow our LLM to find information and do it for us, with the cinema API.
3) When is MCP used
MCP is suitable if:
- You want to reach an LLM live data
- He wants to do LLM do the actions (create jobs, download files, write records)
- You want to expose internal systems in a controlled manner
- You want to share your tools and others as a package can connect to their LLM
Users benefit because the MCP allows their LLM to be a more powerful assistant.
Providers benefit because MCP allows them to expose their systems securely and continuously.
A common pattern is a “tool suite” that exposes back-end APIs. Instead of clicking on UI screens, the user can ask the assistant to manage the workflow for them.
4) Thoughts
Since its release in November 2024, MCP has been widely adopted and quickly became the default way to connect AI agents to external systems. But it is not without trade-offs; MCP introduces structural overhead and real security risks, in my opinion, developers should be aware of before using it in production.
a) Security
When you download an anonymous MCP server and connect it to your LLM, you effectively give that server file and network access, access to local credentials and command permissions. A malicious tool can:
- read or delete files
- extract private data (
.sshkeys eg) - scan your network
- modify production systems
- steal tokens and keys
MCP is maintained only as a server that you choose to trust. Without Guardrails you are essentially giving LLM full control over your computer. It makes it very easy to overexpose as you can easily add tools.
The browser extension analogy applies here too: many are safe but malicious ones can do real damage. As with browser extensions, use reliable sources such as verified repositories, check the source code if possible and use sandboxing if you are unsure. Implement strict permissions and right-of-lease policies.
b) Rising content window, token inactivity and latency
MCP servers describe all tools in detail: names, argument schema, definitions and result formats. The LLM client pre-loads all this metadata into the model context so it knows what tools are available and how to use them.
This means that if your agent uses more tools or more complex schemes, the information can grow significantly. This not only uses more tokens, it also uses the remaining space for chat history and task-specific commands. Every tool you expose permanently consumes a piece of available context.
Additionally, every tool call introduces overhead reasoning, schema parsing, context reallocation and a full round trip from model -> MCP client -> MCP server -> back to model. This is far too heavy for delay-sensitive pipelines.
c) Complexity changes to the model
The LLM must make all the difficult decisions:
- or calling the tool at all
- which tool would you call
- what arguments to use
All of this happens within model logic rather than using explicit orchestration logic. While at first this sounds like magic and works well, at scale this can be unpredictable, difficult to fix and even more difficult to confirm definitively.
The conclusion
MCP is simple and powerful at the same time. It is a common way to let LLMs drive real programs. Once the system uses MCP, any compliant LLM client can use it as an extension. This opens the door for assistants to query APIs, perform tasks and interact with real systems in a structured way.
But with great power comes great responsibility. Treat MCP servers with the same caution as software that has full access to your machine. Its design also introduces implications for token usage, latency and complexity in LLM. This trade-off may undermine the main benefit MCP is known for: turning agents into effective real-world tools.
When used purposefully and securely, MCP provides a clean foundation from which to build potential agent assistants do things rather than just talking about them.
I hope this article was as clear as I intended but if not please let me know what I can do to clarify further. In the meantime, check out mine other topics on all kinds of topics related to the program.
Enjoy coding!
— Mike
Ps: what am I doing? Follow me!
