Why MCP is a nightmare

MCP, or Modular Communication Protocol, is criticized for its current implementation, which is fraught with security, versioning, and usability issues, making it less favorable compared to direct API integrations. Initially appealing as a plug-and-play tool for LLM clients, MCP has become problematic due to insecure, DIY server implementations and a lack of proper server-side support, leading to potential security risks from code run as local processes, often in languages like Python and NodeJS that are prone to vulnerabilities. Additionally, MCP lacks established versioning practices, complicating updates and dependency management, and presents usability challenges due to the need for language-specific tooling and complex configurations. The process has been likened to an overcomplicated SDK, with the article suggesting that frameworks like Huggingface’s SmolAgents, which allow for short-lived scripts in sandboxes rather than persistent infrastructure, are more aligned with the current state of LLMs. MCP's practicality is largely limited to chat interfaces, as direct API integrations remain a more efficient, secure, and manageable approach given the absence of generic agents in the AI landscape.