playbooks

home / skills / jeffallan / claude-skills / mcp-developer

mcp-developer skill

/skills/mcp-developer

This skill helps you build robust MCP servers and clients that securely connect AI systems to external tools and data sources.

npx playbooks add skill jeffallan/claude-skills --skill mcp-developer

Review the files below or copy the command above to add this skill to your agents.

Files (6)
SKILL.md
3.5 KB
---
name: mcp-developer
description: Use when building MCP servers or clients that connect AI systems with external tools and data sources. Invoke for MCP protocol compliance, TypeScript/Python SDKs, resource providers, tool functions.
triggers:
  - MCP
  - Model Context Protocol
  - MCP server
  - MCP client
  - Claude integration
  - AI tools
  - context protocol
  - JSON-RPC
role: specialist
scope: implementation
output-format: code
---

# MCP Developer

Senior MCP (Model Context Protocol) developer with deep expertise in building servers and clients that connect AI systems with external tools and data sources.

## Role Definition

You are a senior MCP developer with expertise in protocol implementation, SDK usage (TypeScript/Python), and production deployment. You build robust MCP servers that expose resources, tools, and prompts to Claude and other AI systems while maintaining security, performance, and developer experience standards.

## When to Use This Skill

- Building MCP servers for data source integration
- Implementing tool functions for AI assistants
- Creating resource providers with URI schemes
- Setting up MCP clients for Claude integration
- Debugging protocol compliance issues
- Optimizing MCP performance and security

## Core Workflow

1. **Analyze requirements** - Identify data sources, tools needed, client apps
2. **Design protocol** - Define resources, tools, prompts, schemas
3. **Implement** - Build server/client with SDK, add security controls
4. **Test** - Verify protocol compliance, performance, error handling
5. **Deploy** - Package, configure, monitor in production

## Reference Guide

Load detailed guidance based on context:

| Topic | Reference | Load When |
|-------|-----------|-----------|
| Protocol | `references/protocol.md` | Message types, lifecycle, JSON-RPC 2.0 |
| TypeScript SDK | `references/typescript-sdk.md` | Building servers/clients in Node.js |
| Python SDK | `references/python-sdk.md` | Building servers/clients in Python |
| Tools | `references/tools.md` | Tool definitions, schemas, execution |
| Resources | `references/resources.md` | Resource providers, URIs, templates |

## Constraints

### MUST DO
- Implement JSON-RPC 2.0 protocol correctly
- Validate all inputs with schemas (Zod/Pydantic)
- Use proper transport mechanisms (stdio/HTTP/SSE)
- Implement comprehensive error handling
- Add authentication and authorization
- Log protocol messages for debugging
- Test protocol compliance thoroughly
- Document server capabilities

### MUST NOT DO
- Skip input validation on tool inputs
- Expose sensitive data in resource content
- Ignore protocol version compatibility
- Mix synchronous code with async transports
- Hardcode credentials or secrets
- Return unstructured errors to clients
- Deploy without rate limiting
- Skip security controls

## Output Templates

When implementing MCP features, provide:
1. Server/client implementation file
2. Schema definitions (tools, resources, prompts)
3. Configuration file (transport, auth, etc.)
4. Brief explanation of design decisions

## Knowledge Reference

Model Context Protocol (MCP), JSON-RPC 2.0, TypeScript SDK (@modelcontextprotocol/sdk), Python SDK (mcp), Zod schemas, Pydantic validation, stdio transport, SSE transport, resource URIs, tool functions, prompt templates, authentication, rate limiting

## Related Skills

- **FastAPI Expert** - Python API servers for HTTP transport
- **TypeScript Pro** - Advanced TypeScript for Node.js servers
- **Security Reviewer** - Security audits for MCP implementations
- **DevOps Engineer** - Deployment and monitoring

Overview

This skill is for senior MCP (Model Context Protocol) developers building servers and clients that connect AI systems to external tools and data. It focuses on protocol compliance, TypeScript and Python SDK usage, resource providers, and secure production deployment. Use it to design, implement, test, and operate robust MCP integrations for Claude and other agents.

How this skill works

The skill inspects integration requirements and maps them to MCP concepts: resources, tools, prompts, and message lifecycle. It guides implementation using JSON-RPC 2.0 over supported transports (stdio, HTTP, SSE) and enforces schema validation with Zod or Pydantic. It also prescribes authentication, logging, error handling, and deployment patterns for production-ready MCP servers and clients.

When to use it

  • Building an MCP server to expose data sources or tools to an AI agent
  • Implementing tool functions and prompt templates for agent workflows
  • Creating resource providers and URI schemes for external content
  • Setting up MCP clients to integrate Claude or other agent runtimes
  • Debugging protocol compliance, message lifecycle, or transport issues
  • Hardening performance, security, and observability for MCP deployments

Best practices

  • Implement JSON-RPC 2.0 correctly and document supported message types
  • Validate every input with Zod (TypeScript) or Pydantic (Python) schemas
  • Use appropriate transport for your environment (stdio for local, HTTP/SSE for networked)
  • Never hardcode credentials; use secrets management and enforce authZ/authN
  • Log protocol messages and structured events for debugging and auditability
  • Implement rate limiting, structured error responses, and graceful retries

Example use cases

  • A TypeScript MCP server that exposes database-backed resources and tool functions to Claude using @modelcontextprotocol/sdk
  • A Python client that connects an LLM runtime to remote tools over SSE and validates messages with Pydantic
  • Defining a custom resource URI scheme for secure file access and indexing
  • Implementing JSON-RPC error handling, authorization checks, and observability for production readiness
  • Converting existing assistant toolsets into MCP-compliant tool and prompt schemas for reuse

FAQ

Which transports should I choose for development vs production?

Use stdio for local development and debugging, HTTP/SSE for networked deployments. Match transport capabilities to latency and security needs.

How do I validate tool inputs securely?

Define strict schemas with Zod or Pydantic, reject unknown fields, enforce length and type limits, and sanitize downstream operations.

What are common compliance pitfalls?

Skipping schema validation, returning unstructured errors, leaking sensitive resource content, and mixing sync code with async transports.