Claude Code MCP
Specification: https://modelcontextprotocol.io/specification/2025-11-25 (November 2025)
Use this skill when you need to:
-
Configure .claude/.mcp.json for official/community MCP servers
-
Build custom MCP servers (TypeScript or Python)
-
Deploy and harden remote MCP servers (HTTP transport)
Quick Start (Local stdio via npx)
- Create or edit .claude/.mcp.json :
{ "mcpServers": { "postgres": { "command": "npx", "args": ["-y", "@modelcontextprotocol/server-postgres"], "env": { "POSTGRES_URL": "${DATABASE_URL}" } } } }
- Provide env vars and validate the connection:
export DATABASE_URL="postgresql://user:pass@localhost:5432/db" claude mcp list claude mcp get postgres
Notes:
-
Default config path is typically .claude/.mcp.json . If needed, override via claude --mcp-config <path> .
-
Prefer python3 as the Python interpreter in server configs unless your environment guarantees python .
Permission Management (Recommended)
Allow all tools from a server (wildcard)
claude mcp add --allow "mcp__postgres__*" postgres -- npx -y @modelcontextprotocol/server-postgres
Allow specific tools only
claude mcp add --allow "mcp__postgres__query,mcp__postgres__list_tables" postgres -- npx -y @modelcontextprotocol/server-postgres
Deny a specific tool
claude mcp add --deny "mcp__filesystem__write_file" filesystem -- npx -y @modelcontextprotocol/server-filesystem ./data
Production Guardrails (Required)
-
Assume tool outputs are untrusted (prompt injection). Sanitize/structure before reuse.
-
Default to least privilege: read-only DB, scoped filesystem allowlists, minimal tool allowlists.
-
Keep secrets out of .mcp.json ; inject via env vars or a secret manager at runtime.
-
Add timeouts, retries, and rate limits; log all tool invocations for audit.
What To Read Next
-
Choose an existing server: references/mcp-servers.md
-
Build a custom server: references/mcp-custom.md
-
Implementation patterns (DB/API/filesystem): references/mcp-patterns.md
-
Security hardening (OAuth, scopes, injection defense): references/mcp-security.md
-
Templates: assets/database/template-mcp-database.md , assets/filesystem/template-mcp-filesystem.md , assets/api/template-mcp-api.md , assets/deployment/template-mcp-docker.md
-
Curated links: data/sources.json