by rubslopes 12 days ago
MCP allows you to easily separate API requests from their access tokens, so that the LLM only has access to the requests part. Giving an LLM CLI access removes all boundaries, anything goes.

EDIT: to add an example: I have a personal claw agent that I only use CLI, I don't care. But I'm also building an agent inside a company product, and there we use MCP all the way.


You can easily do this with simple Unix `chmod x-rw` on a wrapper that makes HTTP requests, adding the access token as it does.
The point is that you still need to expose a shell or a wrapper around exec to launch those commands. That isn't appropriate when I want to lock the model down to working entirely from a sandboxed environment and expose some basic tools which are not “entire posix user space”.

MCP servers are not dead, they’re just overused in contexts they don’t really make sense in.
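The separation both sides of the thread are arguing about (the model produces only the request part, the credential is attached somewhere the model cannot reach), as an added Python example that is not code from any of the commenters. The endpoint allowlist, the placeholder base URL and the token path /run/secrets/api_token are constructed assumptions; the point is that the model's output is treated as data to validate, never as a command to run.

```python
"""Tool gateway that keeps the access token out of the model's reach.

The model only ever emits a JSON request *description*. The gateway checks it
against an allowlist and attaches the credential itself, read from a file that
only the gateway's user can open (assumed path, permissions set outside this
code). The model never sees the Authorization header, on the way in or out.
"""
import json
from pathlib import Path
from urllib.parse import urlencode

# Constructed allowlist: the only (method, path) pairs the model may request.
ALLOWED = {
    ("GET", "/v1/tickets"),
    ("POST", "/v1/tickets/comment"),
}
API_BASE = "https://api.example.invalid"  # placeholder, not a real service


class RejectedRequest(ValueError):
    """Raised when the model's spec steps outside what the gateway permits."""


def load_token(path="/run/secrets/api_token"):
    # Assumed: file is readable by the gateway's user only, not the agent's.
    return Path(path).read_text().strip()


def build_request(spec_json, token):
    """Turn a model-supplied JSON spec into a concrete HTTP request.

    Only method, path, query and body are accepted. A spec that tries to
    supply its own headers (e.g. Authorization) or unknown fields is rejected,
    so the credential can only ever come from the gateway.
    """
    spec = json.loads(spec_json)
    unknown = set(spec) - {"method", "path", "query", "body"}
    if unknown:
        raise RejectedRequest(f"fields not allowed: {sorted(unknown)}")
    method = str(spec.get("method", "")).upper()
    path = str(spec.get("path", ""))
    if (method, path) not in ALLOWED:
        raise RejectedRequest(f"{method} {path} is not on the allowlist")
    query = spec.get("query") or {}
    if not isinstance(query, dict):
        raise RejectedRequest("query must be an object")
    url = API_BASE + path + ("?" + urlencode(query) if query else "")
    return {"method": method, "url": url, "body": spec.get("body"),
            "headers": {"Authorization": f"Bearer {token}"}}


def redact_for_model(request):
    """The only view the model gets back: everything except the headers."""
    return {k: v for k, v in request.items() if k != "headers"}
```

In a real deployment the gateway runs as a separate process or user from the agent, so the chmod on the token file is what enforces the boundary; the validation above is what keeps the model from widening it.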