Learn Claude Code: MCP Mastery What MCP Is and Why It Matters

What MCP Is and Why It Matters

Advanced 🕐 12 min Lesson 1 of 12
What you'll learn
  • Explain how MCP eliminates the context-switching tax between Claude and your external tools
  • Distinguish the three MCP primitive types — tools, resources, and prompts — and when each applies
  • Identify the prompt injection risk that arises when servers fetch external content and the stance to adopt before connecting your first server

The copy-paste loop that slows every developer down

Here is a workflow most developers know well: you hit a bug, paste the error into Claude, get a fix, switch to your issue tracker to log it, copy the ticket number back to Claude, then open your database tool to check a related query, paste that result back, and repeat. Every tool lives in its own tab. Claude lives in another. You are the pipe between them.

This is the context-switching tax — the cognitive and mechanical overhead of moving information between Claude and every other system you use. The Model Context Protocol eliminates it. Instead of you copying data from a tool to Claude, the tool connects directly to Claude. You ask Claude to implement the feature described in a Jira ticket, and Claude reads the ticket, writes the code, and creates the PR — without you pasting anything.

What MCP actually is

MCP stands for Model Context Protocol. It is an open standard — not a proprietary Claude feature — that defines how AI models communicate with external tools and data sources. The protocol positions Claude as the client and every external system as a server. A server can be a cloud service your organization already uses, a local script that wraps a database, or any process that speaks the protocol.

When you connect an MCP server to Claude Code, the server announces its capabilities. Claude Code registers those capabilities and makes them available in your session. From that point, Claude can call the server's tools directly. A few examples of what becomes possible:

  • Implement from your issue tracker: "Add the feature described in JIRA-4521 and create a pull request on GitHub."
  • Debug with real monitoring data: "Check Sentry for the most common errors introduced in the last deployment."
  • Query production databases naturally: "What is our total revenue this month, broken down by plan tier?"
  • React to design changes: "Update our email template to match the new Figma design posted in Slack."
  • Automate communication: "Draft Gmail invitations for the ten users who churned last quarter."

Each of those sentences would normally require opening three or four separate tools, extracting information, and pasting it into Claude. With MCP, Claude does all of that itself.

Three primitive types: tools, resources, and prompts

MCP servers expose their capabilities through three distinct primitives. Understanding what each one does helps you recognize what you need when evaluating or building a server.

Tools are actions Claude can perform. When a server declares a tool, Claude can call it the same way it calls any built-in capability — creating a PR, querying a database, sending a message, checking an alert. Tools are the most common primitive. Each tool call goes through the normal permission flow: Claude asks for approval on first use, and you can approve it once or permanently.

Resources are named data objects Claude can reference directly in a prompt. A server might expose a database schema, a documentation page, or a configuration snapshot as a resource. You reference them with the @server:protocol://path syntax — similar to how you reference local files with @ — and Claude fetches the resource and attaches it to its context for that request.

Prompts are reusable command templates the server defines. They appear as slash commands under the pattern /mcp__servername__promptname. A GitHub server might expose /mcp__github__pr_review as a command that sets up a structured code review workflow. You run the command, pass arguments if required, and Claude executes the template.

Finding servers in the Anthropic Directory

Anthropic maintains a curated directory of MCP connectors at claude.ai/directory. These are remote HTTP servers for services like GitHub, Sentry, Notion, Linear, Stripe, and Slack. Directory servers have been reviewed against Anthropic's listing criteria — not security-audited, but meeting a baseline of documentation and operational standards.

You add any directory server with a single command:

claude mcp add --transport http sentry https://mcp.sentry.dev/mcp

For servers requiring authentication, Claude Code walks you through an OAuth sign-in the first time. For servers using API keys, you pass the key as a header at add time. For local tools and custom scripts, you run them as stdio processes on your machine. All three patterns are covered in the lessons ahead.

You can also scaffold your own server using the official mcp-server-dev plugin. Install it inside a Claude Code session with /plugin install mcp-server-dev@claude-plugins-official, then run /mcp-server-dev:build-mcp-server. Claude asks about your use case and generates a working server skeleton — either a remote HTTP server or a local stdio process.

The security stake: prompt injection

Connecting an MCP server extends Claude's reach into your tools. It also expands the attack surface. A server that fetches content from external systems — a Jira ticket, a GitHub issue, an npm README, a Slack message — is retrieving text that could have been written by an attacker. If that text contains instructions designed to look like they came from you, Claude might act on them.

This is called prompt injection. Claude Code has several defenses: WebFetch uses a separate context window to isolate external content, the auto-mode classifier strips tool results before evaluating safety, and a server-side probe scans incoming content before Claude reads it. But defenses reduce risk — they do not eliminate it.

The practical stance: verify that you trust each server before connecting it, review commands before approving them in unfamiliar contexts, and avoid piping untrusted content directly to Claude. The Anthropic Directory provides a reasonable starting list of servers that have been reviewed, which lowers — but does not remove — the burden of your own judgment.

Key takeaways
  • MCP is an open protocol that positions Claude as the client and your tools as servers — eliminating the copy-paste loop between Claude and the systems you already use
  • Three primitive types cover the full integration surface — tools for callable actions, resources for named data references, and prompts for reusable slash command templates
  • The Anthropic Directory lists reviewed remote servers you can connect with a single command, and the mcp-server-dev plugin scaffolds custom servers for your own internal systems
  • Claude handles authentication, data fetching, and response formatting through the connected server — you describe what you want in plain language and Claude coordinates the rest
  • Prompt injection risk is real when servers fetch external content — trust each server explicitly, review commands in unfamiliar contexts, and never pipe untrusted content directly to Claude