> The first value for their downstream (OpenAI, Anthropic, etc) is REST call vs arbitrary code execution.
Is this an advantage? Phrased differently, every MCP that could have been a CLI call is a new opportunity for sandbox escape.
I don’t follow. It’s the other way around. Would you rather run an arbitrary binary blob (aka: a random cli) or `curl`?
Edit: Maybe to clarify, I’m talking about remote MCP. Local MCP is obviously nonsensical. Remote MCP is very much thriving aggressively.
If the random blob is running inside of a real sandbox (Landlock/Bubblewrap, VM, ...Docker) then I would take the blob, because I can reason about its capabilities without inspecting its internals. The LLM can run curl as much as it wants if I've `unshare()`d its network access. MCP is an instant obligatory sandbox escape unless I also manage to deploy all the MCP servers inside the sandbox.
And yes, sorry, I was talking about local MCP. I should have made that clear. I do see people using local MCP quite a bit (Ghidra MCP, Playwright MCP, etc), but maybe this is more of a hobbyist thing.
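To make the sandboxing argument above concrete, here is an added example (my own code, not anything from the thread or from any MCP implementation). On Linux it forks a child, drops it into a fresh user+network namespace with `unshare(CLONE_NEWUSER | CLONE_NEWNET)`, and has the child try a TCP connect to a listener the parent opened on 127.0.0.1. From the host namespace the connect succeeds; inside the new namespace the loopback device is down, so the same connect fails with ENETUNREACH, which is the "curl can run all it wants" situation. The one thing that still crosses the boundary is the pipe the parent deliberately left open to collect the result, which is exactly the shape of a local stdio MCP server that lives outside the sandbox. The loopback listener and the pipe protocol are constructed for the demo; if user namespaces are disabled where you run it, `run_in_netns` reports the refused `unshare()` instead of pretending it sandboxed anything.

```c
#define _GNU_SOURCE
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <sched.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Open a listener on 127.0.0.1 on a kernel-chosen port in the caller's
   network namespace. Returns the port (>0) and the fd via *out_fd, or -errno. */
static int listen_on_loopback(int *out_fd) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = 0; /* let the kernel pick a free port */
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0) {
        int e = errno; close(fd); return -e;
    }
    socklen_t len = sizeof sa;
    if (getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        int e = errno; close(fd); return -e;
    }
    *out_fd = fd;
    return ntohs(sa.sin_port);
}

/* Attempt a TCP connect to 127.0.0.1:port. Returns 0 on success, -errno otherwise. */
static int try_connect_loopback(int port) {
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -errno;
    struct sockaddr_in sa;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    sa.sin_port = htons((unsigned short)port);
    int rc = connect(fd, (struct sockaddr *)&sa, sizeof sa) < 0 ? -errno : 0;
    close(fd);
    return rc;
}

/* Fork a child, move it into a fresh user+network namespace, run fn(arg) there
   and ship the int result back over a pipe. Returns 0 once the child actually
   ran inside the new namespace, or -errno if unshare() was refused (user
   namespaces disabled, seccomp, ...), in which case fn never ran. The pipes are
   the only channel left open: they play the role of the stdio link a local MCP
   server keeps to the unsandboxed host. */
static int run_in_netns(int (*fn)(void *), void *arg, int *result) {
    int status[2], data[2];
    if (pipe(status) < 0 || pipe(data) < 0) return -errno;
    pid_t pid = fork();
    if (pid < 0) return -errno;
    if (pid == 0) {
        close(status[0]); close(data[0]);
        int err = unshare(CLONE_NEWUSER | CLONE_NEWNET) < 0 ? errno : 0;
        (void)write(status[1], &err, sizeof err); /* tell the parent whether we are sandboxed */
        close(status[1]);
        if (err == 0) {
            int r = fn(arg);
            (void)write(data[1], &r, sizeof r);   /* the deliberate hole in the sandbox */
        }
        close(data[1]);
        _exit(0);
    }
    close(status[1]); close(data[1]);
    int err = EIO;
    if (read(status[0], &err, sizeof err) != (ssize_t)sizeof err) err = EIO;
    close(status[0]);
    int r = 0;
    int ok = (err == 0 && read(data[0], &r, sizeof r) == (ssize_t)sizeof r);
    close(data[0]);
    waitpid(pid, NULL, 0);
    if (err) return -err;
    if (!ok) return -EIO;
    *result = r;
    return 0;
}

/* Callback run inside the namespace: try to reach the host's loopback listener. */
static int connect_cb(void *arg) { return try_connect_loopback(*(int *)arg); }

int main(void) {
    int lfd = -1, res = 0;
    int port = listen_on_loopback(&lfd);
    if (port < 0) { fprintf(stderr, "listen: %s\n", strerror(-port)); return 1; }
    printf("host netns connect:  %s\n", strerror(-try_connect_loopback(port)));
    int setup = run_in_netns(connect_cb, &port, &res);
    if (setup == 0) printf("sandboxed connect:   %s\n", strerror(-res));
    else             printf("unshare refused:     %s\n", strerror(-setup));
    close(lfd);
    return 0;
}
```

The point to take from it: `unshare()` reasons about the child's capabilities from the outside (no interface is up, so no connect can succeed, whatever binary runs in there), while the pipe shows why a local MCP server started outside that namespace is a hole you have to account for separately.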