I have seen a few of these tools and yet to see usefulness further than not having to edit config manually for each client. Wishlist for something I would use:
- Always run MCP in a sandbox
- If I am gonna browse open source MCP and try them out casually, I need to control permission better than approving tool calling blindly. I prefer to auto approve all calls but control permission for directory access (if run outside of sandbox), or network calls based on configurable criteria
most of the MCP tools use Python env (uvx) or Node or even Java to run ANY CODE on your machine, so even the python virtual env is a sandbox but it's to isolate the dependencies not the file/network access. If you are unlucky, you can still install a malware mcp server to clean up your disk or send your photos to somewhere. MCP servers are just local scripts. There are some permission control from deno but this is not the only runtime engine for MCP server. It'll be cool to have something like Chrome extension permission or iOS/Android permission ask, but I highly doubt this will be available since on your local server, there are just too many ways to run scripts.
Running a mcp tool is expected to be lightweight. Starting a docker container is not impossible but will make this process a bit heavy. Maybe in the future the MCP client can provide python/nodejs runtime and also have extra flag to allow the users to confirm the requested permissions for certain mcp tools. Today running MCP servers with whatever executable available locally is too risky
- Always run MCP in a sandbox
- If I am gonna browse open source MCP and try them out casually, I need to control permission better than approving tool calling blindly. I prefer to auto approve all calls but control permission for directory access (if run outside of sandbox), or network calls based on configurable criteria
- An UI for tracking of calls