The Hacker News discussion revolves around the Model Context Protocol (MCP), its utility, its limitations, and the general approach to enabling LLMs to interact with external tools and data. The conversation touches on the importance of clear documentation and abbreviation definition, the perceived complexity and security implications of MCP, and alternative approaches to tool integration.
Clarity and the Use of Acronyms
A significant portion of the discussion focuses on the expectation that technical articles should be accessible, particularly regarding the use of acronyms and jargon. Some users expressed frustration with the assumption that readers would immediately understand specialized terminology like "MCP."
- yxhuvud initiated this thread by stating, "First rule of writing about something that can be abbreviated: First have some explanation so people have an idea of what you are talking about. Either type out what the abbreviation stands for, have an explanation or at least a link to some other page that explains what is going on." They later clarified that a link to a previous post is insufficient if it requires an additional "goose chase" to understand the topic.
- dkdcio defended the original author, suggesting a different perspective: "this is a wild position. it would have taken you the same amount of time to type your question(s) into your favorite search engine or LLM to learn what the terms mean as you now have spent on this comment thread. the idea that every article should contain all prerequisite knowledge for anybody at any given level of context about any topic is absurd."
- reactordev asserted that "MCP is Model Context Protocol, welcome to the land of the living. Make sure you turn the lights off to the cave. :)" and believed it to be "pretty well known by now."
- klez countered this, admitting, "I, for one, still need to look it up every time I see it mentioned. Not everyone is talking or thinking about LLMs every waking minute."
- jeroenhd offered a pragmatic view: "If you don't know the abbreviation, that can also mean you're not the target audience. This is a blog post written for an audience that uses multiple MCP servers, arguing for a different way to use LLMs. If you need the term explained and don't care enough to throw the abbreviation into Google, you're not going to care much about what's being said anyway."
- jahsome pointed out that the term was indeed explained: "Are you referring to MCP? If so, it's fully spelled out in the first sentence of the first paragraph, and links to a more thorough post on the subject. That meets 2 of the 3 criteria you've dictated."
- The ambiguity of "MCP" was also highlighted, with users suggesting other meanings:
  - koakuma-chan: "Minecraft Coder Pack"
  - tronreference: "Master Control Program" referencing the Disney movie Tron.
Security and Sandboxing Concerns with MCP
A significant theme is the security implications of allowing LLMs to interact with external systems, and how MCP addresses (or fails to address) these concerns. The idea of sandboxing LLM access to tools and code is a prominent sub-theme.
- xavierx raised immediate security alarms: "Is this just code injection? It's talking about passing Python code in that would have a Python interpreter tool. Even if you had guardrails setup that seems a little chancery, but hey this is the time of development evolution where we're letting AI write code anyway, so why not give other people remote code execution access, because fuck it all."
- preek shared his approach to security by sandboxing AI tools, linking to his Guix and Bubblewrap implementations: "I put my AI assistant in a sandbox. There, it can do whatever it wants, including deleting or mutating anything that would otherwise be harmful."
- philipp-gayret echoed the sentiment for more mature solutions, stating, "At the moment it all seems not a mature enough solution and I'd rather mount a Python sandbox with API keys to what it needs than connect an MCP tool on my own machine." This indicates a preference for explicit, controlled access over a more generalized tool-calling protocol for sensitive operations.
- CharlieDigital presented a project designed for safer code execution by an LLM: "A few weeks back, I actually started working on an MCP server that is designed to let the LLM generate and execute JavaScript in a sandboxed C# runtime with Jint. ... Lets the LLM safely generate and execute whatever code it needs."
MCP's Efficacy and Alternatives
Users debated the effectiveness and necessity of MCP itself, with some arguing for simpler or more direct methods of integrating LLMs with external tools and APIs.
- juanviera23 questioned the need for MCP servers, suggesting direct API endpoint connections: "I agree MCP has these flaws, idk why we need MCP servers when LLMs can just connect to the existing API endpoint. Started on working on an alternative protocol, which lets agents call native endpoints directly (HTTP/CLI/WebSocket) via “manuals” and “providers,” instead of spinning up a bespoke wrapper server."
- faangguyindia shared a negative experience with MCP, finding it difficult to use and buggy when attempting to build a Node CLI tool: "Here is why MCP is bad, here i am trying to use MCP to build a simple node cli tool to fetch documentation from Context7: ... And it doesn't work even after 10 attempts. Fails and i've no idea why, meanwhile python code works without issues but i can't use that one as it conflicts with existing dependencies in aider." They concluded, "I am never gonna bother with this again, it can be built as a simple rest API, why we even need this ugly protocol?"
- jumploops critically analyzed the promise of MCP: "The promise of MCP is that it “connects your models with the world”[0]. In my experience, it's actually quite the opposite. By giving an LLM a set of tools, 30 in the Playwright case from the article, you're essentially restricting what it can do. In this sense, MCP is more of a guardrail/sandbox for an LLM, rather than a superpower (you must choose one of these Stripe commands!)." They noted that while this is good for specific, restricted roles, it's not ideal for unbounded tasks like pair programming.
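The guardrail reading of tool calling that jumploops describes, set against the interpreter tool xavierx worries about, can be shown with a small dispatcher. This is an added example, not code from the discussion or from any MCP SDK; the tool names, the JSON call shape and the limits are assumptions made for illustration.

```python
import json

# Hypothetical tools; names, parameters and return values are constructed.
def get_invoice(invoice_id: str) -> dict:
    return {"invoice_id": invoice_id, "status": "paid"}

def list_customers(limit: int) -> dict:
    return {"customers": [f"cust_{i}" for i in range(limit)]}

# Allowlist: tool name -> (handler, {parameter: (exact type, value check)}).
# There is deliberately no interpreter tool such as "run_python".
TOOLS = {
    "get_invoice": (get_invoice,
                    {"invoice_id": (str, lambda v: v.isalnum() and len(v) <= 32)}),
    "list_customers": (list_customers,
                       {"limit": (int, lambda v: 1 <= v <= 50)}),
}

class ToolCallRejected(Exception):
    """Raised when a model-issued call falls outside the allowlist."""

def dispatch(raw_call: str) -> dict:
    """Validate a model-issued tool call, then run the matching handler."""
    try:
        call = json.loads(raw_call)
    except json.JSONDecodeError as exc:
        raise ToolCallRejected(f"not valid JSON: {exc}") from exc
    if not isinstance(call, dict):
        raise ToolCallRejected("call must be a JSON object")
    name, args = call.get("tool"), call.get("arguments", {})
    if not isinstance(name, str) or name not in TOOLS:
        raise ToolCallRejected(f"unknown tool: {name!r}")
    handler, schema = TOOLS[name]
    if not isinstance(args, dict) or set(args) != set(schema):
        raise ToolCallRejected(f"arguments must be exactly {sorted(schema)}")
    for key, (expected, is_valid) in schema.items():
        value = args[key]
        # Exact type match: bool is a subclass of int and must not pass as one.
        if type(value) is not expected or not is_valid(value):
            raise ToolCallRejected(f"bad value for {key!r}")
    return handler(**args)
```

Everything the model can cause to happen is enumerated in `TOOLS`, so the reviewable attack surface is the handlers and their value checks; a single interpreter tool would replace that list with arbitrary code.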
Composable and Debuggable LLM Tooling
A desire for more sophisticated and user-friendly ways to manage LLM interactions with tools was also present, focusing on composition, debugging, and previewing data flows.
- philipp-gayret expressed a wish for more seamless composition: "Even better if MCP tooling wouldn't yield huge amounts of output that pollutes the context and the output of one can be input to the next, so indeed that may as well be code. Would be nice if there was a way for agents to work with MCPs as code, preview or debug the data flowing through them."