Is MCP Dead? 3 Scenarios Where Skill and CLI Can't Replace It
In late February 2026, a post titled "MCP is dead. Long live the CLI" hit the Hacker News front page and blew up. One camp says MCP is unnecessary abstraction; the other points out that every major tech company has already committed to it. If you've been wrestling with whether to set up an MCP server in Claude Code or Cursor, this article gives you real benchmark data and a 30-second decision framework.
TL;DR
June 2026 Update: MCP Dev Summit NA (April, NYC, 1,200 attendees — double the prior event) confirmed MCP has crossed into enterprise infrastructure. On May 19, Anthropic announced MCP Tunnels (research preview), letting agents reach private internal systems without inbound firewall rules. Salesforce formally joined the MCP ecosystem on June 23 with Agentforce 3, launching three official servers. The core decision framework in this article remains unchanged.
- MCP isn't dead — the official registry has 9,652 servers (as of May 24, 2026) while third-party directories like PulseMCP track 16,500+, with 97M monthly SDK downloads and continued growth. But it solves "multi-user, cross-platform tool distribution" problems, not your personal coding workflow
- CLI beats MCP by 10-32x in token efficiency with near-100% success rates
- Skill is procedural knowledge (teaches AI how to do things); MCP is capability (gives AI access to tools) — they're complementary, not competing
- For solo developers: start with CLI + Skill, only reach for existing MCP servers when you need Notion/Figma or other CLI-less cloud services
- Security risks have escalated sharply: OX Security disclosed an architectural RCE vulnerability in STDIO transport affecting 200K instances — Anthropic declined to fix, calling it "expected behavior." 24% of public servers have zero authentication
The "MCP Is Dead" Debate
MCP (Model Context Protocol) is an open protocol launched by Anthropic in November 2024 that lets AI systems connect to external tools and data sources through a unified interface. The common analogy is "USB-C for AI" — build one MCP server, and every compatible AI client can plug into it.
2025 was MCP's breakout year. OpenAI announced support in March, Google DeepMind followed in April, and Microsoft integrated MCP into Semantic Kernel, Azure OpenAI, Copilot Studio, and Agent 365. By December, Anthropic donated MCP to the Linux Foundation's Agentic AI Foundation, with OpenAI, Google, Microsoft, AWS, and Cloudflare all joining as founding members.
By Q1 2026, the ecosystem had ballooned: over 9,400 servers in the official registry, 97 million monthly SDK downloads across TypeScript and Python (Q1 2026 figures). The protocol itself expanded from 3 primitives to 5 (tools, resources, prompts, sampling, roots), with Streamable HTTP as the new transport layer. By May 2026, the ecosystem had fragmented across multiple directories: the official registry stands at 9,652 records (May 24, 2026) while PulseMCP tracks over 16,500 servers, reflecting wide dispersal across platforms, private enterprise deployments, and community projects. The MCP Dev Summit NA 2026 (April 2-3, New York, 1,200 attendees — double the prior summit) further cemented MCP's status as enterprise infrastructure, with production keynotes from Uber, Bloomberg, and Duolingo.
Then came the backlash.
In February 2026, Eric Holmes published that post with a blunt argument: LLMs are smart enough now — give them CLI tools plus documentation and they can handle the job. Why add another abstraction layer? Pieter Levels (levelsio) echoed this on X: "MCP, like llms.txt, is yet another unnecessary abstraction that AI doesn't actually need."
But the answer isn't binary. MCP isn't dead — it has dropped from the hype peak into the Gartner trough of disillusionment. The real question isn't "is MCP good?" but "when should you use MCP?"
Three-Layer Architecture: What MCP, Skill, and CLI Actually Do
Many people lump MCP, Skill, and CLI together as "ways to let AI use tools." But they actually operate at completely different architectural layers — understanding this is the foundation for making the right choice.
Capability Layer: MCP
MCP answers "what can AI do?" It's a standard protocol that connects AI to databases, APIs, and cloud services through a unified interface. The key difference from traditional APIs: AI can dynamically discover available tools at runtime instead of having every tool's usage hardcoded into the prompt.
Procedure Layer: Skill
Skill answers "how should AI do it?" At its core, it's a workflow instruction in markdown format that defines task sequences, quality standards, and decision logic. Since late 2025, the Skill ecosystem has evolved rapidly: Hooks (September 2025) provide event-driven deterministic script execution, and Agent Teams (February 2026) let multiple Claude sessions coordinate and divide work in parallel. The community has produced open-source Skill packages like mattpocock/skills. From hands-on experience, I've built an entire content production pipeline using Skills (from topic selection to translation), with Hooks for automatic post-tool-call validation and Agent Teams enabling multi-agent parallel writing.
Execution Layer: CLI
CLI is the most direct approach — AI calls existing command-line tools on your machine via Bash. git, curl, npm, gh — tools you already use, and the AI can use them too.
Side-by-Side Comparison
| Dimension | MCP | Skill | CLI |
|---|---|---|---|
| Nature | Tool connection protocol | Workflow instructions (prompt) | Command-line tools |
| What it solves | What AI can do | How AI should do it | Direct execution |
| Medium | Server process | Markdown files | Existing system tools |
| Cross-platform | All MCP clients | Primarily Claude Code | Any shell environment |
| Maintenance cost | High (server ops) | Very low (plain text) | Near zero |
| Best analogy | USB-C port standard | SOP handbook | Swiss army knife in your pocket |
Key insight: These three aren't mutually exclusive. The smartest approach is to use all three layers together — Skill defines the process, CLI handles most tasks, and MCP only kicks in when you need cross-platform distribution or enterprise governance.
Benchmark Results: How Much Does CLI Actually Win By?
Data speaks louder than opinions. My own content pipeline runs dozens of CLI calls daily (git, curl, file system operations), and I've never hit the schema bloat or connection timeout issues that plague MCP. But gut feeling isn't enough — let's look at hard numbers. According to Scalekit's 75-run benchmark, CLI dominates MCP across efficiency metrics:
| Metric | CLI | MCP (Direct) | Gap |
|---|---|---|---|
| Token consumption (GitHub query) | 1,365 | 44,026 | 32x |
| Monthly cost (10K operations) | $3.20 | $55.20 | 17x |
| Success rate | 100% | 72% | CLI wins |
Why such a dramatic difference? It comes down to "schema bloat." Every time AI calls an MCP server, the server dumps all tool definitions into the context window. Take the GitHub MCP server — it exposes 43 tools, and the schema alone eats a massive chunk of tokens, even if you only need one of them.
That said, MCP isn't unusable in every scenario. Deploying an API gateway in front for schema filtering and connection pooling can bring costs down to roughly $5/month with 99%+ reliability. But that adds architectural complexity that's probably not worth it for individual developers.
30-Second Decision Framework
Don't want to read the whole article? Use this decision tree:
Does your AI need to act on behalf of multiple different users? (OAuth authorization, tenant isolation, audit requirements)
- Yes → Use MCP. This is MCP's truly irreplaceable use case.
Are you just automating your own workflow?
- Yes → CLI + Skill. Your agent inherits local permissions — that's enough.
Does the service you're connecting to have a CLI?
- Yes (git, gh, npm, aws-cli...) → Use CLI directly
- No (Notion, Figma, Slack — API only) → Use an existing community MCP server
Do you just need to teach AI a workflow?
- Yes → Use Skill (or your platform's equivalent prompt config file)
Three Typical Scenarios
Scenario A: Solo developer using Claude Code for a side project → CLI + Skill. If Bash can do it, you don't need MCP. Use Skill to define code review standards and commit conventions. Lowest cost, highest reliability.
Scenario B: SaaS product letting users manage their Stripe accounts via AI → MCP is necessary. Each user has their own OAuth token, requiring tenant isolation and access control. CLI can't do this.
Scenario C: Team wants both Cursor and Claude Code to query their internal wiki → MCP makes sense. Build one MCP server, both clients can connect — no duplicate integration work.
Security Risks: What You Need to Know Before Using MCP
MCP's convenience comes with real security risks — not theoretical ones.
The Coalition for Secure AI (CoSAI) whitepaper in 2026 identified 12 core threat categories covering nearly 40 distinct threats. According to the Zuplo MCP Report (public ecosystem survey), 24% of public MCP servers currently have zero authentication. A separate Bloomberry survey analyzing 1,412 servers (public and private) found the zero-auth rate at 38.7% -- the difference comes from sample coverage.
April 2026: OX Security Exposes Architectural RCE in STDIO
The situation escalated dramatically in April 2026. OX Security disclosed an architectural remote code execution (RCE) vulnerability in MCP's STDIO transport layer, affecting 150M+ SDK downloads and up to 200,000 vulnerable instances. Cursor, VS Code, Windsurf, Claude Code, and Gemini CLI were all affected. OX Security issued 30+ responsible disclosures and 10+ High/Critical CVEs (including CVE-2026-30623 for command injection), but Anthropic declined to modify the protocol architecture, calling the behavior "expected."
Real Attacks That Have Happened
- Prompt injection hijacking: Attackers embedded malicious instructions in public GitHub Issues. When the AI agent read them, it was hijacked into exfiltrating data from private enterprise repositories.
- Supply chain attacks: Fake Postmark MCP servers appeared on npm — functionally normal on the surface, but secretly BCCing all emails to the attacker.
- SQL injection: A Supabase MCP was exploited via SQL injection in support tickets, leaking high-privilege integration tokens.
For a deeper dive into AI agent security defense frameworks, check out this complete guide.
Defense Checklist Before Using MCP
- Principle of least privilege: Only grant MCP servers the minimum access scope needed to complete the task
- Independent input validation: Don't blindly trust LLM tool-call decisions — add an independent validation layer before sensitive operations
- Source verification: Confirm the source is trustworthy before installing any MCP server — avoid unknown third-party servers
Conclusion
MCP isn't dead, but its real value lies in "distribution" and "governance," not "efficiency."
If you're an individual developer or digital worker, the most pragmatic strategy is: CLI + Skill as your default, MCP on demand. Use CLI for tasks that have command-line tools, use Skill to define workflows, and only bring in MCP when you need cross-platform distribution or need to connect cloud services without a CLI.
This isn't a pick-one-of-three problem — it's a three-layer architecture where each layer has its role. Once you understand what each layer solves, you won't be swayed by the extreme voices claiming "MCP is dead" or "MCP is essential."
Want to try building Skills yourself? We have a community Skills and Agent Fleet guide that walks you through creating your own workflow from scratch. If you decide to use MCP, check our best MCP servers guide for vetted server recommendations.
FAQ
If all the big tech companies support MCP, why do people say it's dead?
Because 'dead' refers to efficiency, not adoption. MCP consumes 10-32x more tokens than CLI for individual dev tasks and has a higher failure rate. Big tech is betting on MCP for its enterprise governance, multi-tenant authorization, and cross-platform distribution value — a completely different use case from solo development. 'MCP is dead' reflects developer backlash against overhype, not the protocol's demise.
I'm a solo developer. Should I invest time learning MCP right now?
Not heavily. CLI paired with Skill achieves near-100% success rates and 10-32x better token efficiency, without the overhead of OAuth setup and server maintenance. The one exception is when you need to connect cloud services like Notion or Figma that have no CLI — using an existing community MCP server makes sense there.
Skill only works in Claude Code. What about other platforms?
That's correct — Skill is currently tied to the Claude Code ecosystem (with partial Gemini CLI compatibility). If you need cross-platform tool capabilities (Cursor, ChatGPT, Windsurf), MCP is the right choice. But if you just need to define workflows and standards, most platforms have similar mechanisms: Cursor has .cursorrules, GitHub Copilot has .github/copilot-instructions.md. Same concept, different format.
Was this article helpful?
