If you've been using Claude Code without MCP servers, you've been using it with one hand tied behind its back. MCP — the Model Context Protocol — is what gives Claude Code access to the tools, data, and services that make it actually useful for production work. Understanding what it is and which servers to install is one of the highest-leverage things you can do to improve your Claude Code setup.
What MCP actually is
MCP stands for Model Context Protocol. It's a standard that defines how an AI application (Claude Code, in this case) can connect to external tools and data sources. Think of it as a plugin system with a standard interface: any server that implements the MCP protocol can expose tools, resources, and prompts to Claude Code.
The practical upshot: instead of Claude Code being limited to what it can do with your local file system and shell, MCP servers let it interact with external systems — GitHub, Google Drive, databases, APIs, browsers, search engines — in a structured, auditable way.
MCP is not Claude-specific. Other AI tools implement it too, and any MCP server you build or install can work across multiple clients. But Claude Code's MCP integration is currently the deepest and most capable in the market, which is part of why the ecosystem matters so much here.
What MCP servers actually give your agent
Each MCP server exposes a set of tools that Claude Code can call as part of its reasoning process. The agent sees these tools the same way it sees built-in tools — it can choose to use them based on what the task requires.
File system and data access. Read and write files in directories you authorize, query databases, access file metadata. Useful for giving Claude Code access to data sources that aren't in the working directory.
Version control. GitHub's MCP server lets Claude Code read issues, pull requests, commits, and repo metadata. Create issues, comment on PRs, check workflow status — without you having to copy-paste content into the session.
Web search. A Brave or Tavily search server lets Claude Code look things up when it needs information that isn't in its context or in the repository. For research-heavy tasks, this is significant.
Browser control. Playwright and Puppeteer MCP servers let Claude Code actually use a browser — navigate to URLs, fill forms, take screenshots, extract content. Useful for tasks that require interacting with web-based tools.
Communication. Slack, email, and calendar MCP servers let Claude Code send messages, check schedules, or read notifications as part of a workflow.
Custom tools. You can build your own MCP server that exposes any tool you need — your internal APIs, your database queries, your deployment pipeline. The protocol is well-documented and not hard to implement.
The servers worth installing first
Not all MCP servers are equally useful for day-to-day work. These are the ones with the highest utility-to-setup-cost ratio:
Filesystem server (official). Gives Claude Code structured access to specified directories. More reliable than raw file system access for some workflows, with explicit permission scoping.
GitHub server. If you use GitHub, this is close to mandatory. Read repo context, create issues, check PR status, look at CI results — all without leaving the Claude Code session.
Brave Search or Tavily. Web search when Claude Code needs information it doesn't have. Cheap to set up, high value for research-adjacent tasks.
Memory server. Persistent storage that Claude Code can read and write across sessions. Useful for maintaining context about a project that would otherwise be lost when a session ends.
Sqlite or Postgres server. Direct database access for tasks that involve reading or writing data. Much more reliable than asking Claude Code to write SQL and run it via bash.
Building your own MCP server
The protocol is straightforward. An MCP server is a process that communicates via stdin/stdout or HTTP, responds to a standard set of messages, and exposes tools with JSON Schema definitions.
In Python:
from mcp.server import Server, tool
from mcp.server.stdio import stdio_server
server = Server("my-tools")
@server.tool()
def get_project_status(project_id: str) -> str:
"""Get the current status of a project from the internal API."""
# your implementation here
return fetch_status(project_id)
if __name__ == "__main__":
stdio_server(server)Once your server is running, add it to Claude Code's MCP configuration and Claude Code can call your tools as naturally as it calls built-in ones.
The most valuable custom servers are the ones that expose your specific internal systems — your deployment API, your internal documentation, your project management tool. These give Claude Code genuine context about your work that no general-purpose server can provide.
Security considerations
MCP servers have access to whatever systems they're connected to. A misconfigured server is a privilege escalation vector — if Claude Code can call a tool that Claude Code shouldn't have access to, that's a security gap.
A few practices that matter:
Principle of least privilege. Each server should only expose what it needs to expose. A GitHub server that only needs read access shouldn't be configured with write access.
Audit tool calls. Claude Code's PostToolUse hooks fire when an MCP tool is called. Log these. You want to know when Claude Code is calling external services and with what arguments.
Test server scope. Before adding an MCP server to a production setup, understand exactly what tools it exposes and what permissions each tool requires. Read the source if it's open source.
Namespace your internal tools. If you're building custom MCP servers, give them clearly namespaced tool names so you can distinguish internal tool calls from external ones in your logs.
MCP + hooks = the real agent stack
MCP and hooks are complementary. MCP gives Claude Code capabilities — access to external systems, tools, data. Hooks give you control over how those capabilities are used — what can be called, under what conditions, with what logging.
Together they're the foundation for a production Claude Code setup: broad capability with enforced boundaries and full observability. The security principles that apply to MCP — least privilege, scoped credentials, audit logging — are the same principles covered in depth in the AI agent security overview. And for how MCP fits into the broader landscape of what makes Claude Code distinctive, the comparison with Cursor and Cline puts it in context.
I build with Claude every day and write about what it's actually like to ship AI-powered products. Subscribe at shoofly.dev/newsletter — building AI products in the real world, not what the press releases say.