u/Additional_Fig_9234

▲ 1 r/mcp

Question: does improving MCP security can drive adoption?

From one side, I'm reading threads about building local vs remote MCP, also how a large amount of remote MCPs are not using any authentication-authorization, or using static keys/tokens instead of OAuth. I imagine each builder may have different reasons on why.

I'm also seeing in enterprise companies the IT/security team blocking custom MCP access and going through a process to unlock MCPs to employees, where they assess the MCP security, scope, documentation,...

When building an MCP how much not building it remote and using OAuth can impact the overall adoption, considering enterprise users may have additional friction to access it.

I imagine the target audience for the MCP can influence the answer, but curious on any learning experience or thoughts?

reddit.com
u/Additional_Fig_9234 — 2 days ago
▲ 2 r/mcp

I built an open source tool to attempt to measure how "good" an MCP is when LLM is calling it

After using some MCPs I found myself having some unexpected experiences with bloated context and bad performance, so I decided to build one myself, but it was not super intuitive to know if was "great". It worked, but I wasn't sure if was as good as it could be - should I use more or fewer tools, what's the balance on context enough to be helpful and avoid retries vs context bloating,...

I tried to find a tool that could "measure" how good an MCP was when being called with LLMs. I started with some initial evals and ended up building an open source project for MCP measurement called mcp-dyno . The ideas was to extract and report one some metrics that could help optimize the MCP server, like:

  • Efficiency — tokens/task, tool-call & round-trip counts, latency
  • Cost — $/task at real model prices
  • Context-bloat — how much of the window your tool definitions, args, and results actually eat
  • Correctness — task success (LLM-judged)
  • Reliability — pass^k consistency, hallucinated-tool rate, schema adherence, error recovery

I wrote an initial report of end-to-end run with some MCPs and different LLMs.

It's still early development and happy to collab.

u/Additional_Fig_9234 — 4 days ago