Skip to content
try reference course saved
English
Level 11: Extend & Automate
Lesson 3 · +15 XP

Your first MCP server

Plugging in an MCP server is, genuinely, one command. Let’s add one and see what happens.

We’ll use the Playwright server, which lets Claude drive a real web browser — click, type, take screenshots. It needs no account or API key, so it’s the cleanest first plug.

claude mcp add playwright -- npx @playwright/mcp@latest

Read that left to right: claude mcp add (plug in a server), playwright (the name you’ll call it), then — after the -- — the command that starts the server (npx @playwright/mcp@latest — run that package, the way you learned packages work in Lesson 3.8). The -- is just a fence: everything before it is for Claude, everything after it is the server’s own start command.

That’s it. The server is registered.

Check that it’s connected

Inside a Claude session, type the slash command:

/mcp

You’ll see playwright listed, with a status — connected if it started cleanly. Some servers will say needs authentication and walk you through logging in (that’s how a Notion or GitHub server links to your account). Playwright won’t ask; it just connects.

The payoff: you didn’t teach Claude anything about browsers. You plugged in a server, and a dozen new tools — open page, click, screenshot — quietly appeared in its toolbelt.

Now you can ask: “Open example.com and tell me the page heading,” and Claude will actually drive a browser to do it — not guess from memory.

Where the connection lives

By default that server is added just for you, in this project. But you can scope it wider:

  • Local (default) — just you, just this project.
  • Project — checked into the repo (in a .mcp.json file) so your whole team gets the same servers automatically. Great for “everyone working on this app should have the database server.”
  • User — you, across every project.

claude mcp list shows what you’ve got. claude mcp remove playwright unplugs it.

The part that trips people up: a server is code you trust

Here’s the catch, and it matters. That npx @playwright/mcp@latest ran a program written by someone else, and it now runs with your permissions — it can do anything you can do on your machine, and it speaks to Claude on your behalf.

This is the same trust question from Level 6, wearing a new hat. Back there you decided whether to let Claude run a command. Here you’re deciding whether to let a whole server sit in the loop.

An MCP server is a dependency, not a feature. Vet it like one: who wrote it, how many people use it, what permissions does it actually need?

A few habits that keep you safe:

  • Prefer official servers. Anthropic, and the company that owns the tool (GitHub’s own GitHub server), are safer bets than a random repo with three stars.
  • Give it the least it needs. If a database server offers read-only mode, use it. A server can’t misuse a power it was never given.
  • Be slow with secrets. When a server asks for an API key or login, you’re handing it real access. Make sure you’d trust it with that key directly.

None of this should scare you off — MCP is how Claude becomes genuinely useful at work. It’s just the seatbelt. Plug in deliberately, and you get all the reach with none of the regret.

What’s next

MCP widened Claude’s reach. Next we tackle the other wall — making things happen without you asking — starting with hooks, automations the harness runs on its own.