simonw 7 hours ago

I know of two benefits to MCP over Skills:

- If your agent doesn't have a full Bash-style code execution environment it can't run skills. MCP is a solid option for wiring in tools there.
- MCP can help solve authentication, keeping credentials for things in a place where the agent can't steal those credentials if it gets compromised. MCPs can also better handle access control and audit logging in a single place.
simianwords 5 hours ago

I don't agree with either. Skills with an API exposed by the service solves both your problems. The LLM can look at the OpenAPI spec and construct queries - I often do this pretty easily.
simonw 5 hours ago

How can you disagree with my first point? You can't use skills if you don't have a Bash environment in which to run them. Do you disagree?

Skills with an API exposed by the service usually means your coding agent can access the credentials for that service. This means that if you are hit by a prompt injection the attacker can steal those credentials.
ntonozzi 5 hours ago

Something like Cloudflare's Code Mode fixes both of these! No privileged bash environment, no VM necessary, no exposing credentials to the LLM. As the article states, LLMs are fantastic at writing code, and not so good at issuing tool calls.
simianwords 5 hours ago

Fair points, learned something new.
mememememememo 5 hours ago

It creates a new problem. I need an isolated shell environment. I need to lock it down. I need containers. I need to ensure said containers are isolated and not running as root. I probably need Kubernetes to do this at scale. Etc.

Also even with the above there is more opportunity for the bot to go off piste and run cat this and awk that. Meanwhile the "operator", i.e. the Grandpa who has an iPhone but never used a computer, has no chance of getting the bot back on track as he tries to renew his car insurance. "Just going to try using sed to get the output of curl https://.." "I don't understand, I just want to know the excess for a not-at-fault incident when the other guy is uninsured."

Everyone has gone claw-brained. But it really is ok to write code and save that code to disk and execute that code later. You can use MCP or even just a hard-coded API call from your back end to the service you wanna use, like it's 2022.
staticassertion 6 hours ago

Can you explain the auth part? I feel like auth for an agent is largely a matter of either verifying its context or issuing it a JWT that's scoped to its rights, which I assume is quite similar to how any tools would work. But I'm very unfamiliar with MCP.
monkpit 6 hours ago

I think they're saying you could start up the MCP and pass it creds/auth for some downstream service, and then the LLM uses the tool and has auth but doesn't know the creds.
simonw 6 hours ago

Right. If you're running a CLI tool that is authenticated there's effectively no way to prevent the coding agent from accessing those credentials itself - they're visible to the process, which means they're visible to the agent. With MCP you can at least set things up such that the agent can't access the raw credentials directly.
zbentley 6 hours ago

This is right. It's not about scoping auth, it's about preventing secret misuse/exfil. (Moved from wrong sub)
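The credential-isolation point made in simonw's original comment and confirmed in this sub-thread, as an added illustration that is not part of the thread and not anyone's production code. It contrasts the two patterns side by side: in the authenticated-CLI pattern the token sits in the environment the agent's commands inherit, so a prompt-injected "dump your environment" command reads it; in the broker pattern an MCP-style tool server is the only holder of the token, exposes one narrow tool, keeps an allowlist and an audit log in one place, and starts agent commands with a scrubbed environment. The token, the `get_policy_excess` tool, the `Broker` class and the upstream call are all constructed for the example; real isolation also needs the broker in its own process (ideally its own user) so the agent cannot read its memory or config.

```python
import json
import os
import subprocess
import sys

# Constructed sample secret for the demo; nothing real.
SERVICE_TOKEN = "tok_example_0123456789"

# Hypothetical command a prompt-injected agent might be talked into running:
# dump the environment of whatever process it is executing in.
DUMP_ENV = [sys.executable, "-c",
            "import json, os; print(json.dumps(dict(os.environ)))"]


def run_agent_command(argv, env):
    """Run a command on the agent's behalf and parse its JSON stdout."""
    proc = subprocess.run(argv, env=env, capture_output=True, text=True, check=True)
    return json.loads(proc.stdout)


def cli_style():
    """Authenticated-CLI pattern: the token lives in the agent's own process
    environment, so every command the agent runs inherits it."""
    env = dict(os.environ, SERVICE_TOKEN=SERVICE_TOKEN)
    return run_agent_command(DUMP_ENV, env)


class Broker:
    """Stand-in for an MCP-style tool server (hypothetical).  It is the only
    holder of the token; the agent sees tool names and results, never the secret."""

    ALLOWED_TOOLS = {"get_policy_excess"}

    def __init__(self, token):
        self._token = token
        self.audit = []  # single choke point for audit logging

    def call(self, tool, **args):
        self.audit.append({"tool": tool, "args": dict(args)})
        if tool not in self.ALLOWED_TOOLS:  # access control in one place
            raise PermissionError(f"tool {tool!r} is not exposed to the agent")
        return self._upstream(tool, args)

    def _upstream(self, tool, args):
        # Where the real authenticated HTTP call to the (hypothetical) service
        # would go.  The token is used here and never returned to the caller.
        if self._token != SERVICE_TOKEN:
            raise RuntimeError("upstream rejected credential")
        return {"policy_id": args["policy_id"], "excess_gbp": 250}


def broker_style(broker):
    """Broker pattern: agent commands get a scrubbed environment; anything that
    needs the credential goes through broker.call()."""
    scrubbed = {"PATH": os.environ.get("PATH", ""), "LANG": "C"}
    env_seen_by_agent = run_agent_command(DUMP_ENV, scrubbed)
    result = broker.call("get_policy_excess", policy_id="P-1")
    return env_seen_by_agent, result


if __name__ == "__main__":
    print("CLI style, token visible to agent command:", cli_style().get("SERVICE_TOKEN"))
    b = Broker(SERVICE_TOKEN)
    seen, res = broker_style(b)
    print("Broker style, token visible:", "SERVICE_TOKEN" in seen, "result:", res)
    print("Audit log:", b.audit)
```

Scrubbing the environment is the minimum, not the whole story: the token must also not be on disk where the agent's commands can `cat` it, and the broker must run outside the agent's process. Note what the broker does not prevent: a compromised agent can still call the tool it is allowed to call, which is why the allowlist and the audit log sit in the broker rather than in the agent.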
staticassertion 3 hours ago

Oh. Yeah, that's neat at least. I don't think it's a big deal but that's nice enough.
JambalayaJimbo 5 hours ago

The MCP implementation is itself an agent, right? Is that not just pushing the problem somewhere else? Also, I run programs on my machine with a different privilege level than myself all the time. Why can't an agent do that?
conception 5 hours ago

No, MCP is just a server that returns prompts to the LLM. The server can be/do whatever. You can have an echo MCP that just echoes back whatever you send it.
simonw 5 hours ago

I define the agent as the harness that runs the LLM in a loop calling tools. The MCP implementation is one of those tools. I wouldn't call an MCP implementation an agent.
throwuxiytayq 5 hours ago

- MCPs can be long-running processes that have state, e.g., they can maintain a persistent connection with a server or local software.
- MCPs are trivial to write and maintain - at least in my experience and language of choice - and bash scripts are cursed. But I guess you can use a different scripting language.
- Agents can pollute their context by reading the script. I want to expose a black box that just works.