3 insider tips for using the Model Context Protocol effectively

The Model Context Protocol (MCP) offers an extremely powerful way to connect LLMs with outside data sources. 

But using it effectively involves carefully reviewing MCP servers and picking the one that best meets your integration requirements.

To help you navigate this, I’ve broken down some best practices you can apply—based on our experience in testing MCP servers and building them.

{{this-blog-only-cta}}

Review the MCP servers’ security controls

The LLM you use can easily confuse data types with one another, leading it to inadvertently share sensitive information to users.

For example, say you want to use a tool that can create employees in your HR software.

If your HR software labels the first name field “FN” and the last name field “SN” (short for surname), the LLM can accidentally mistake SN for social security number, leading it to write the employee’s social security number there. Any employee with access to the HR platform can then see the SSN.

To prevent security incidents like these from happening, adopt an MCP server that takes a few measures:

• Access control levels (ACLs): This only allows users to perform actions that fall within their level of permissions in the integrated application. In our example, if the employee wants to create a user, they wouldn’t be able to unless they’re an admin of the HR software

• Schema enforcement: A tool can define the parameters for specific fields, and any inputs that don't meet these parameters couldn’t get POSTed into an application 

Going back to our example, the tool can use the following input schema to ensure “sn” doesn’t include numbers:

‍{
  "name": "process_user_info",
  "description": "Processes user information including first name (fn) and surname (sn).",
  "inputSchema": {
    "type": "object",
    "properties": {
      "fn": {
        "type": "string",
        "description": "First name of the user"
      },
      "sn": {
        "type": "string",
        "description": "Surname of the user",
        "pattern": "^[a-zA-Z-]+$"
      }
    },
    "required": ["fn", "sn"]
  }
}

https://www.merge.dev/blog/model-context-protocol-security?blog-related=image

Learn how the MCP servers manage integrations

If you use MCP to support product integrations, you’ll probably still be responsible for:

• Handling API providers’ unique requirements, which includes incorporating rate limiting strategies like exponential backoff, retries, and pagination

• Dealing with the complexities of syncing data, whether that’s managing computational resources at scale efficiently or ensuring data consistency across distributed systems

• Implementing and updating authentication flows (OAuth 2.0, API keys, etc.) and onboarding instructions

• Handling errors gracefully and ensuring end users get instructions on fixing issues related to permissions and authentication

• Defining and maintaining normalized data models across categories (e.g., CRM, file storage, ticketing) to ensure your LLM generates reliable, non-sensitive, and accurate outputs

All of this work is extremely time intensive for your engineers, and if you’re looking to implement several integrations, this workload only grows exponentially.

To address this, look for MCP servers that offer ongoing support for their integrations. 

Related: How MCP compares with APIs

Assess the MCP servers’ tools carefully

Your LLM can easily perform the wrong action if the MCP server’s tools aren’t descriptive, comprehensive, and unique from one another.

To help you assess the quality of an MCP server’s tools, look for:

• Detailed names and descriptions: Each tool should have a unique name that explains its function clearly and a description that highlights what the tool does, what its purpose is, and the specific action(s) it takes. The same goes for the tool’s parameters
  

• Explicit parameter requirements: The tools should use JSON Schema to define each parameter, including specifying the data types, required fields, and constraints to ensure inputs are validated and correctly formatted
  

• Clear examples: While this isn’t necessary, providing sample inputs and expected outputs can help clarify how a tool works
  

• Robust error handling and validation: Check to see if the schema uses strict validation to ensure all inputs conform to the defined schema. This prevents errors and enhances reliability

Related: How to build an MCP server quickly

Give your agents access to the tools they need via Merge Agent Handler

Merge Agent Handler offers a single platform to securely connect your AI agents to more than a thousand tools for dozens of pre-built connectors (you can also auto-generate countless more connectors!).

Merge Agent Handler also offers the features and functionality you need to monitor and manage your agents’ integrations, from customizable alerts to fully-searchable logs to audit trails.

Start testing Merge Agent Handler today by signing up for a free account!