Instruments for Your LLM: a Deep Dive into MCP

approach that may flip LLMs into precise brokers. It is because MCP offers instruments to your LLM which it will probably use to retrieve reside info or carry out actions in your behalf.

Like all different instruments within the toolbox, I imagine that with a view to apply MCP successfully, you need to perceive it completely. So I approached it in my standard approach: get my arms round it, poke it, take it aside, put it again collectively and get it working once more.

The targets of this week:

• get a strong understanding of MCP; what’s it?
• construct an MCP server and join it to an LLM
• perceive when to make use of MCP
• discover concerns round MCP

1) What’s MCP?

MCP (Mannequin Context Protocol) is protocol designed to increase LLM shoppers. An LLM shopper is something that runs an LLM: consider Claude, ChatGPT or your individual LangGraph agentic chatbot. On this article we’ll use Claude desktop as a LLM shopper and construct a MCP server for it that extends its skills.

First let’s perceive what MCP actually is.

A useful analogy

Consider MCP the identical approach you consider browser extensions. A browser extension provides capabilities to your browser. An MCP server provides capabilities to your LLM. In each instances you present a small program that the shopper (browser or LLM) can load and talk with to make it do extra.

This program known as an MCP server and LLM shoppers can use it to e.g. retrieve info or carry out actions.

When is a program an MCP server?

Any program can change into an MCP server so long as it implements the Mannequin Context Protocol. The protocol defines:

1. which features the server should expose (capabilities)
2. how these features should be described (instrument metadata)
3. how the LLM can name them (with JSON request codecs)
4. how the server should reply (with JSON consequence codecs)

An MCP server is any program that follows the MCP message guidelines. Discover that language, runtime or location don’t matter.

Key capabilities:

• declaring instruments
• accepting a instrument name request
• executing the requested operate
• returning a consequence or error

Instance of a tool-call message:

{
  "methodology": "instruments/name",
  "params": {
    "title": "get_weather",
    "arguments": {"metropolis": "Groningen"}
  }
}

Sending this JSON means: “name the operate get_weather with arguments metropolis=’Groningen’.”

2) Creating an MCP server

Since any program could be an MCP server, let’s create one.

Think about we work for a cinema and we need to make it attainable for brokers to assist individuals purchase tickets. This manner a consumer can resolve which film to choose by chatting with ChatGPT or instruct Claude to purchase tickets.

After all these LLMs will not be conscious of what’s occurring in our cinema so we’ll want to reveal our cinema’s API by MCP in order that the LLMs can work together with it.

The only attainable MCP server

We’ll use fastmcp, a Python bundle that wraps Python features so that they conform to the MCP specs. We are able to can “current” this code to the LLM in order that they’re conscious of the features and may name them.

from fastmcp import FastMCP

mcp = FastMCP("example_server")

@mcp.instrument
def list_movies() -> str:
    """ Checklist the films which might be at present taking part in """
    # Simulate a GET request to our /films endpoint
    return ["Shrek", "Inception", "The Matrix", "Lord of the Rings"]

if __name__ == "__main__":
    mcp.run()

The code above defines a server and registers a instrument. The docstring and sort hints assist fastmcp describe the instrument to the LLM shopper (as required by the MCProtocol). The agent decides based mostly on this description whether or not the operate is appropriate in fulfilling the duty it’s got down to do.

Connecting Claude Desktop to the MCP server

To ensure that our LLM to be “conscious” of the MCP server, we have now to inform it the place to seek out this system. We register our new server in Claude Desktop by opening Settings -> Developer and replace claude_desktop_config.json in order that it appears to be like like this:

{
  "mcpServers": {
    "cinema_server": {
      "command": "/Customers/mikehuls/explore_mcp/.venv/bin/python",
      "args": [
        "/Users/mikehuls/explore_mcp/cinema_mcp.py"
      ]
    }
  }
}

Now that our MCP server is registered, Claude can use it. It name list_movies() for instance. The features in registered MCP servers change into first-class instruments that the LLM can resolve to make use of.

As you see, Claude has executed the operate from our MCP server and has entry to the ensuing worth. Very simple in only a few strains of code.

With just a few extra strains we wrap much more API endpoints in our MCP server and permit the LLM to name features that present screening instances and even enable the LLM to carry out actions on our behalf by making a reservation:

Word that though the examples are intentionally simplified, the precept stays the identical: we enable our LLM to retrieve info and act on our behalf, by the cinema API

3) When to make use of MCP

MCP is right when:

• You need an LLM to entry reside knowledge
• You need an LLM to carry out actions (create duties, fetch information, write information)
• You need to expose inside programs in a managed approach
• You need to share your instruments with others as a bundle they’ll plug into their LLM

Customers profit as a result of MCP lets their LLM change into a extra highly effective assistant.

Suppliers profit as a result of MCP lets them expose their programs safely and constantly.

A standard sample is a “instrument suite” that exposes backend APIs. As an alternative of clicking by UI screens, a consumer can ask an assistant to deal with the workflow for them.

4) Issues

Since its launch in November 2024, MCP has been extensively adopted and shortly grew to become the default strategy to join AI brokers to exterior programs. Nevertheless it’s not with out trade-offs; MCP introduces structural overhead and actual safety dangers, in my view, engineers ought to pay attention to earlier than utilizing it in prodution.

a) Safety

If you happen to obtain an unknown MCP server and join it to your LLM, you’re successfully granting that server file and community entry, entry to native credentials and command execution permissions. A malicious instrument might:

• learn or delete information
• exfiltrate personal knowledge (.ssh keys e.g.)
• scan your community
• modify manufacturing programs
• steal tokens and keys

MCP is just as save because the server you select to belief. With out guardrails you’re mainly giving an LLM full management over your laptop. It makes it very simple to over-expose since you’ll be able to simply add instruments.

The browser-extension analogy applies right here as effectively: most are protected however malicious ones can do actual injury. Like browser extensions, use trusted sources like verified repositories, examine supply code if attainable and sandbox execution if you’re uncertain. Implement strict permissions and leas-privilege insurance policies.

b) Inflated context window, token inefficiency and latency

MCP servers describe each instrument intimately: names, argument schema’s, descriptions and consequence codecs. The LLM shopper hundreds all this metadata up-front into the mannequin context in order that it is aware of which instruments exist and tips on how to use it.

Which means in case your agent makes use of many instruments or complicated schemas, the immediate can develop considerably. Not solely does this use lots of token, it additionally makes use of up remaining house for dialog historical past and task-specific directions. Each instrument you expose completely eats a slice of the out there context.

Moreover, each instrument name introduces reasoning overhead, schema parsing, context reassignment and a full round-trip from mannequin -> MCP shopper -> MCP server -> again to the mannequin. That is far too heavy for latency-sensitive pipelines.

c) Complexity shifts into the mannequin

The LLM should make all of the powerful selections:

• whether or not to name a instrument in any respect
• which instrument to name
• which arguments to make use of

All of this occurs contained in the mannequin’s reasoning somewhat than by specific orchestration logic. Though initially this feels magically handy and environment friendly, at scale this will likely change into unpredictable, more durable to debug and harder to ensure deterministically.

Conclusion

MCP is straightforward and highly effective on the identical time. It’s a standardized strategy to let LLMs name actual packages. As soon as a program implements MCP, any compliant LLM shopper can use it as an extension. This opens the door to assistants that may question API’s, carry out duties and work together with actual programs in a structured approach.

However with nice energy comes nice duty. Deal with MCP servers with the identical warning as software program that has full entry to your machine. Its design additionally introduces implications for token utilization, latency and pressure on the LLM. These trade-offs could undermine the core good thing about MCP is thought for: turning brokers into environment friendly, real-world instruments.

When used deliberately and securely, MCP gives a clear basis for constructing agentic assistants that may really do issues somewhat than simply speak about them.

I hope this text was as clear as I meant it to be but when this isn’t the case please let me know what I can do to make clear additional. Within the meantime, take a look at my different articles on every kind of programming-related matters.

Comfortable coding!

— Mike

P.s: like what I’m doing? Comply with me!