TL;DR
Mostly yes, provided you install MCPs from a vetted catalog. Unyly auto-scans every MCP for leaked secrets and malicious dependencies. Do not install random GitHub gists or unreviewed repos without verifying what they run and which credentials they receive.
MCP itself is a protocol (JSON-RPC messages carried over stdio or HTTP), so it is only as secure as the servers you connect to it. The real risk is installing a malicious or compromised server: it runs with your user's privileges and holds whatever credentials you hand it, so it can exfiltrate your API keys or execute arbitrary code. Mitigations: install only from catalogs that scan for security issues (Unyly does this automatically); prefer verified MCPs with published audits; give each server a fine-grained API token with the minimum scopes that tool needs, so a compromised server cannot reach beyond them; run untrusted MCPs inside a sandbox or on a hosted runner rather than directly on your workstation. A catalog scan catches leaked secrets and known-bad dependencies, not every possible malicious behaviour, so token scoping and sandboxing still matter even for catalog installs.
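As an added illustration of the kind of pre-install check described above (example code written for this page, not Unyly's scanner), the following Python scans an MCP server checkout for the two things the catalog flags: hard-coded credentials and suspicious dependencies. The secret patterns, entropy threshold and the `MALICIOUS_PACKAGES` blocklist are assumptions for the example; a real scan would pull package advisories from a feed. The files scanned are constructed inline so the example runs offline.

```python
"""Minimal pre-install scan of an MCP server checkout (added example, not Unyly's scanner)."""
import math
import re
from collections import Counter

# Assumed signatures for a few well-known credential formats; extend for your providers.
SECRET_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36,}\b"),
    "openai_key": re.compile(r"\bsk-[A-Za-z0-9_-]{20,}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}
# Hypothetical blocklist standing in for an advisory feed of malicious/typosquatted packages.
MALICIOUS_PACKAGES = {"requessts", "colourama"}
# Quoted string literals long enough to be a token; checked with an entropy threshold (assumed 4.5 bits/char).
HIGH_ENTROPY = re.compile(r"['\"]([A-Za-z0-9+/=_\-]{32,})['\"]")
ENTROPY_THRESHOLD = 4.5


def shannon_entropy(s: str) -> float:
    """Bits per character of the string; random API tokens score high, identifiers score low."""
    counts = Counter(s)
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_text(text: str, path: str) -> list:
    """Flag known credential formats and high-entropy string literals, line by line."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for name, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append((path, lineno, name))
        for match in HIGH_ENTROPY.finditer(line):
            if shannon_entropy(match.group(1)) > ENTROPY_THRESHOLD:
                findings.append((path, lineno, "high_entropy_string"))
    return findings


def scan_requirements(text: str, path: str) -> list:
    """Flag blocklisted package names and dependencies that are not pinned to an exact version."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        name = re.split(r"[<>=!~\[;\s]", line, maxsplit=1)[0].lower()
        if name in MALICIOUS_PACKAGES:
            findings.append((path, lineno, f"blocklisted_package:{name}"))
        if "==" not in line:
            findings.append((path, lineno, "unpinned_dependency"))
    return findings


def scan_files(files: dict) -> list:
    """files maps a relative path to its contents; returns (path, line, finding) tuples."""
    findings = []
    for path, text in files.items():
        if path.endswith("requirements.txt"):
            findings.extend(scan_requirements(text, path))
        else:
            findings.extend(scan_text(text, path))
    return findings


# Constructed sample checkout: a clean server file, a leaked key (the AWS docs example key),
# and a requirements file with a blocklisted, unpinned dependency.
SAMPLE_SERVER = {
    "server.py": 'import os\nAPI_KEY = os.environ["WEATHER_API_KEY"]  # read at startup, not hard-coded\n',
    ".env.example": "AWS_ACCESS_KEY_ID=AKIAIOSFODNN7EXAMPLE\n",
    "requirements.txt": "requests==2.32.3\ncolourama\n",
}

if __name__ == "__main__":
    for finding in scan_files(SAMPLE_SERVER):
        print(finding)
```

Treat a non-empty result as "do not install until reviewed": a leaked key in the repo is evidence of sloppy credential handling at best, and an unpinned or blocklisted dependency means what you run may not be what was audited.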
Partially. MCP solves "tool plumbing" — connecting AI to tools with one protocol. LangChain is a broader agent framework with chains, memory, RAG. Use MCP if you want simple, language-agnostic tool integration. Use LangChain if you need a full agent runtime in Python/JS.
For locally launched (stdio) servers, API keys are passed to the MCP server as environment variables when the client starts the server process; in Claude Desktop and Cursor they are set in the `env` block of that server's config entry. The server reads them at startup and uses them to call upstream APIs. The LLM never receives the raw credentials; it sees only the tools they enable and the results those tools return. That guarantee holds only if the server never echoes a key back in a tool result or error message, so servers should redact credentials from anything they return.
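The credential flow described above, as an added example written for this page (not code from the MCP project or from any catalog server): the server loads its key from the environment at startup, a tool handler uses it against an upstream API, and every result or error is scrubbed before it goes back over the protocol to the model. `fake_upstream`, the `WEATHER_API_KEY` variable name and the demo key value are constructed for the example; the result shape (`content` list plus `isError`) follows MCP's tool-call result.

```python
"""Credential handling inside an MCP tool handler (added example, not from the page)."""
import os
from typing import Callable, Dict, List


class CredentialError(RuntimeError):
    """Raised when the client did not pass a required credential in the server's environment."""


def load_credential(var: str) -> str:
    """Read a credential from the environment at startup; the value is never logged or echoed."""
    value = os.environ.get(var)
    if not value:
        raise CredentialError(f"{var} is not set; pass it in the client's env block for this server")
    return value


def redact(text: str, secrets: List[str]) -> str:
    """Replace every occurrence of a known secret in text before it leaves the server."""
    for secret in secrets:
        if secret:
            text = text.replace(secret, "[REDACTED]")
    return text


def make_weather_tool(api_key: str, upstream: Callable[[str, str], dict]):
    """Build a tool handler that holds the key in its closure; the model only ever calls get_weather(city)."""

    def get_weather(city: str) -> Dict:
        try:
            data = upstream(city, api_key)
            text = f"{city}: {data['temp_c']} C"
            return {"content": [{"type": "text", "text": text}], "isError": False}
        except Exception as exc:  # upstream errors often embed the request URL, key included
            return {"content": [{"type": "text", "text": redact(str(exc), [api_key])}], "isError": True}

    return get_weather


def fake_upstream(city: str, api_key: str) -> dict:
    """Constructed stand-in for the real HTTP client (hypothetical API): succeeds for Berlin,
    and, like many real clients, leaks the full request URL into the error for anything else."""
    if city == "Berlin":
        return {"temp_c": 18}
    raise RuntimeError(f"404 for https://api.example.test/v1/weather?city={city}&key={api_key}")


def demo():
    """Run the handler once with a constructed demo key; returns (success result, error result)."""
    os.environ.setdefault("WEATHER_API_KEY", "constructed-demo-key-0123456789")
    tool = make_weather_tool(load_credential("WEATHER_API_KEY"), fake_upstream)
    return tool("Berlin"), tool("Atlantis")


if __name__ == "__main__":
    ok, err = demo()
    print(ok)
    print(err)  # the key from the upstream error has been replaced with [REDACTED]
```

The closure keeps the key out of the tool's parameters and out of anything the model can request, and the redaction step is what makes "the LLM never sees the raw credential" true in practice; pair it with a token scoped to only the upstream calls this tool makes, so the damage from any remaining leak is bounded.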
Function calling is a vendor-specific feature of an LLM API (OpenAI, Anthropic): you describe tools in that vendor's schema and handle the calls in your own code. MCP is an open protocol, so the same MCP server works with any MCP client (Claude Desktop, Cursor, VS Code) regardless of which model sits behind it, which is what avoids vendor lock-in.