it's straightforward to spin up a custom MCP wrapper around any API with whatever access controls you want
the only time i reach for official MCP is when they offer features that are not available via API - and this annoys me to no end (looking at you Figma, Hex)
Indeed, ever since MCPs came out, I would always either wrap or simply write my own.
I needed to access Github CI logs. I needed to write Jira stories. I didn't even bother glancing at any of the several existing MCP servers for either one of them - official or otherwise. It was trivial to vibe code an MCP server with precisely the features I need, with the appropriate controls.
Using and auditing an existing 3rd party MCP server would have been more work.
That’s what we’re doing, but it’s annoying. Why can’t they just let us limit access for the official MCP easily?
Agreed. Sounds like a failure of the services, but not MCP. Can't believe in 2026 we don't have better permissions on systems like this.
“Communism can work we just did not see a good implementation of it”. If majority of implementations fail at it -> protocol is defined incorrectly. With security first approach it would not be the case.