[Sector // Armory]

Build with AI - and know what it can touch.

The Model Context Protocol gives assistants real powers: files, code, databases, dashboards. That capability is the point - and the risk. Here's how to wire tools in with leverage instead of blind trust.

00:00:00
What MCP is01 // 03

An open standard for connecting AI assistants to tools and data - “a USB-C port for AI.” One server, any compatible assistant can use it.

Why it matters02 // 03

It's how an assistant stops working from what you paste and starts reading and acting on your real systems. A genuine capability jump.

The catch03 // 03

Every server you add expands what the model can touch. An opaque server is a browser extension with filesystem access - treat it that way.

The MCP safety checklist

Run before installing any server // no exceptions

  • 01What systems can it access?
  • 02Can it read files? Can it write files?
  • 03Can it access private repositories?
  • 04Can it query - or mutate - databases?
  • 05Can it send messages or trigger actions?
  • 06Does it expose secrets, tokens, or credentials?
  • 07Can prompt injection manipulate it?
  • 08Are tool calls logged?
  • 09Is there human approval for risky actions?
[Capability categories]
Local files
does
Read and write files on your machine.
risk
Over-broad access; accidental writes.
safer
Scope to one project folder; approve writes.
GitHub / code
does
Read repos, open PRs, read issues.
risk
Private-repo exposure; acting on poisoned issue text.
safer
Read-only token first; split read vs write agents.
Databases
does
Query and sometimes mutate data.
risk
Destructive queries; pulling sensitive rows into context.
safer
Read-only role unless writes are the task.
Browser / web
does
Fetch and act on web pages.
risk
Indirect prompt injection from page content.
safer
Treat fetched content as data; gate actions.
Productivity
does
Email, calendars, messaging, tasks.
risk
Sending or deleting on your behalf.
safer
Confirm send / delete / invite.
Custom APIs
does
Hit your internal services and CRMs.
risk
Broad, ungoverned access; credential sprawl.
safer
One server, one job; rotate scoped tokens.

New tools land every week.

The Signal tracks what's worth your time - and what can quietly leak data.

Threat feed00%