[Sector // Armory]
Build with AI - and know what it can touch.
The Model Context Protocol gives assistants real powers: files, code, databases, dashboards. That capability is the point - and the risk. Here's how to wire tools in with leverage instead of blind trust.
What MCP is
An open standard for connecting AI assistants to tools and data - “a USB-C port for AI.” One server, any compatible assistant can use it.
Why it matters
It's how an assistant stops working from what you paste and starts reading and acting on your real systems. A genuine capability jump.
The catch
Every server you add expands what the model can touch. An opaque server is a browser extension with filesystem access - treat it that way.
The MCP safety checklist
Run before installing any server // no exceptions
1. What systems can it access?
2. Can it read files? Can it write files?
3. Can it access private repositories?
4. Can it query - or mutate - databases?
5. Can it send messages or trigger actions?
6. Does it expose secrets, tokens, or credentials?
7. Can prompt injection manipulate it?
8. Are tool calls logged?
9. Is there human approval for risky actions?
| Server type | What it does | Risk | Safer |
| --- | --- | --- | --- |
| Local files | Read and write files on your machine. | Over-broad access; accidental writes. | Scope to one project folder; approve writes. |
| GitHub / code | Read repos, open PRs, read issues. | Private-repo exposure; acting on poisoned issue text. | Read-only token first; split read vs write agents. |
| Databases | Query and sometimes mutate data. | Destructive queries; pulling sensitive rows into context. | Read-only role unless writes are the task. |
| Browser / web | Fetch and act on web pages. | Indirect prompt injection from page content. | Treat fetched content as data; gate actions. |
| Productivity | Email, calendars, messaging, tasks. | Sending or deleting on your behalf. | Confirm send / delete / invite. |
| Custom APIs | Hit your internal services and CRMs. | Broad, ungoverned access; credential sprawl. | One server, one job; rotate scoped tokens. |
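One way to put the "Local files" row and checklist items 1, 2, 8 and 9 into code: a gate that sits between the assistant and a server, confines file paths to one project folder, requires approval for mutating tools, and logs every decision. This is an added example, not code from the page or from any MCP project; the tool names in `MUTATING_TOOLS` and the `/srv/project` root are assumptions.

```python
import logging
import os
from typing import Callable

# Constructed policy: tool names whose side effects change state. They are
# an assumption for this example, not names defined by MCP itself.
MUTATING_TOOLS = {"write_file", "delete_file", "send_message", "execute_sql"}

log = logging.getLogger("mcp-gate")
logging.basicConfig(level=logging.INFO, format="%(levelname)s %(message)s")


class ToolGate:
    """Confines file paths to one project folder, requires approval for
    mutating tools, and records each tool call in an audit log."""

    def __init__(self, project_root: str,
                 approver: Callable[[str, dict], bool] = lambda tool, args: False):
        # The default approver denies, so an unconfigured gate fails closed.
        self.root = os.path.realpath(project_root)
        self.approver = approver
        self.audit: list[dict] = []

    def within_root(self, path: str) -> bool:
        # Resolve '..' segments, absolute paths and symlinks before comparing,
        # so 'docs/../../etc/passwd' and '/etc/passwd' are both rejected.
        target = os.path.realpath(os.path.join(self.root, path))
        return os.path.commonpath([self.root, target]) == self.root

    def authorize(self, tool: str, args: dict) -> tuple[bool, str]:
        """Return (allowed, reason) and record the decision in the audit log."""
        allowed, reason = self._decide(tool, args)
        self.audit.append({"tool": tool, "args": args,
                           "allowed": allowed, "reason": reason})
        log.info("tool=%s allowed=%s reason=%s", tool, allowed, reason)
        return allowed, reason

    def _decide(self, tool: str, args: dict) -> tuple[bool, str]:
        path = args.get("path")
        if path is not None and not self.within_root(path):
            return False, "path escapes project root"
        if tool in MUTATING_TOOLS and not self.approver(tool, args):
            return False, "mutating tool call not approved"
        return True, "ok"


if __name__ == "__main__":
    gate = ToolGate("/srv/project")  # constructed root; nothing is touched on disk
    print(gate.authorize("read_file", {"path": "README.md"}))
    print(gate.authorize("read_file", {"path": "../../etc/passwd"}))
    print(gate.authorize("write_file", {"path": "notes.txt", "data": "draft"}))
```

In a real deployment the `approver` callback is where a human confirmation prompt goes; the audit list is what you ship to your log pipeline so tool calls are reviewable after the fact.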
New tools land every week.
The Signal tracks what's worth your time - and what can quietly leak data.