MCP Is Not the Problem, It’s the Amplifier

▶ Watch (5:52)

Ricardo Ferreira analyzed 3,282 closed GitHub issues from MCP repositories. Only 47 were MCP-related, and none were protocol defects. The problems came from backend capability design: overly broad permissions, missing error propagation, and infinite retries. Ferreira traced this pattern to historical middleware like CORBA and ESBs, where the visible protocol layer takes the blame for underlying API flaws. He called these repeating mistakes “engineering impulses.”

Security Sins: Lust and Greed

▶ Watch (11:30)

Lust means too much intimacy with the backend. Ferreira showed a TypeScript function that executed arbitrary shell commands passed as arguments. The fix: create specific operations like getRepoStatus that run only one command. Greed means too much power. A Python function granted access to the entire filesystem. The fix: restrict file operations to specific directories. Ferreira warned against exposing dangerous operations like Redis’s FLUSHALL without safeguards.
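The two security sins side by side, as an added example in Python rather than the TypeScript and Python snippets shown in the talk: an arbitrary-command tool and a whole-filesystem tool, each beside its scoped replacement. The tool names (`getRepoStatus`, `getRepoBranch`), the `confine_path` helper and the sandbox paths are assumptions for illustration, not code from the talk.

```python
"""Lust and Greed: over-intimate and over-powerful MCP tools beside scoped versions.
Added example; tool names, helper names and paths are assumptions."""
import subprocess
from pathlib import Path


# --- Lust: too much intimacy with the backend --------------------------------
def run_shell(command: str) -> str:
    """BEFORE: the agent hands over a shell string and the server runs it.
    Whatever the model is tricked into emitting ("git status; rm -rf ~") executes."""
    return subprocess.run(command, shell=True, capture_output=True, text=True).stdout


# AFTER: one tool maps to one fixed command. The agent picks a tool name and a
# repository; it never supplies argv, so there is no shell and nothing to inject.
FIXED_COMMANDS = {
    "getRepoStatus": ["status", "--porcelain"],
    "getRepoBranch": ["rev-parse", "--abbrev-ref", "HEAD"],
}


def build_tool_command(tool: str, repo_dir: str, allowed_root: str) -> list[str]:
    """Resolve a tool name to its fixed argv; repo_dir must live under allowed_root."""
    if tool not in FIXED_COMMANDS:
        raise ValueError(f"unknown tool {tool!r}")
    repo = confine_path(allowed_root, repo_dir)
    # argv list, never a string: a repo name such as "x; rm -rf ~" stays one inert argument
    return ["git", "-C", str(repo), *FIXED_COMMANDS[tool]]


def get_repo_status(repo_dir: str, allowed_root: str) -> str:
    argv = build_tool_command("getRepoStatus", repo_dir, allowed_root)
    return subprocess.run(argv, capture_output=True, text=True, check=True).stdout


# --- Greed: too much power ----------------------------------------------------
def read_file_anywhere(path: str) -> str:
    """BEFORE: any path on the host, /etc/shadow and ~/.ssh included."""
    return Path(path).read_text()


def confine_path(base: str, requested: str) -> Path:
    """Resolve `requested` under `base` and refuse anything that escapes it:
    '..' segments, absolute paths, and symlinks that point outside (resolve()
    follows them before the check). Comparison is on Path objects, so a sibling
    directory with the same prefix (sandbox_root2) is not mistaken for the root."""
    root = Path(base).resolve()
    target = (root / requested).resolve()
    if target != root and root not in target.parents:
        raise PermissionError(f"{requested!r} escapes {base!r}")
    return target


def read_project_file(sandbox: str, relative_path: str) -> str:
    """AFTER: same read, but only inside the directory this tool was given."""
    return confine_path(sandbox, relative_path).read_text()


if __name__ == "__main__":
    print(build_tool_command("getRepoStatus", "repo-a", "workspace"))
    try:
        confine_path("workspace", "../../etc/passwd")
    except PermissionError as err:
        print("rejected:", err)
```

`get_repo_status` and `read_project_file` touch git and the filesystem; the testable core is the argv builder and the path check, which is why those are separate functions.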

Operational Sins: Sloth, Wrath, Gluttony

▶ Watch (16:49)

Sloth is too little care in error handling. A code example swallowed generic exceptions and returned vague messages. Ferreira recommended structured custom errors and using coding agents to enforce patterns via an agents.md file. Wrath is too much force: a callback retried indefinitely every 100 milliseconds without exponential backoff, risking denial-of-service. The fix: exponential backoff with jitter. Gluttony is too much waste: a search function returned full documents including embeddings instead of paginated, summarized results.
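The three operational fixes in one small tool layer, as an added example that is not code from the talk: a structured error type the agent can act on, a bounded retry with exponential backoff and full jitter, and a search that returns a page of summaries instead of whole documents with embeddings. `ToolError`, `call_with_backoff`, `search_summaries`, the constructed `SAMPLE_DOCS` and the page-size cap are all assumptions for illustration.

```python
"""Sloth, Wrath and Gluttony fixed in one tool layer. Added example; the error
classes, retry helper, document shape and sample data are assumptions."""
import json
import random
import time
from dataclasses import dataclass, field, asdict
from typing import Callable, Optional


# --- Sloth: structured errors instead of swallowed exceptions ---------------
class ToolError(Exception):
    """A stable code, whether retrying makes sense, and the cause kept for logs.
    The agent gets the first two; only the server log sees the third."""

    def __init__(self, code: str, message: str, retryable: bool, cause: Optional[Exception] = None):
        super().__init__(message)
        self.code, self.retryable, self.cause = code, retryable, cause

    def to_dict(self) -> dict:
        return {"code": self.code, "message": str(self), "retryable": self.retryable}


class BackendUnavailable(ToolError):
    def __init__(self, cause: Optional[Exception] = None):
        super().__init__("BACKEND_UNAVAILABLE", "backend did not respond", True, cause)


class NotFound(ToolError):
    def __init__(self, key: str):
        super().__init__("NOT_FOUND", f"no document {key!r}", False)


# --- Wrath: bounded retries, exponential backoff, full jitter ---------------
def call_with_backoff(fn: Callable, *, max_attempts: int = 5, base: float = 0.1, cap: float = 5.0,
                      sleep: Callable = time.sleep, rng: Callable = random.random,
                      on_retry: Optional[Callable] = None):
    """Retry fn only for retryable ToolErrors. The delay ceiling doubles each
    attempt and is capped; the actual sleep is uniform in [0, ceiling] so a
    fleet of agents does not hammer the backend in lockstep. sleep and rng are
    injectable so the schedule can be tested without waiting."""
    if max_attempts < 1:
        raise ValueError("max_attempts must be >= 1")
    for attempt in range(max_attempts):
        try:
            return fn()
        except ToolError as err:
            if not err.retryable or attempt == max_attempts - 1:
                raise  # non-retryable, or budget exhausted: surface the structured error
            delay = min(cap, base * 2 ** attempt) * rng()
            if on_retry:
                on_retry(attempt + 1, delay)
            sleep(delay)


# --- Gluttony: paginated summaries instead of whole documents ---------------
@dataclass
class Document:
    id: str
    title: str
    body: str
    embedding: list = field(default_factory=list)


# constructed sample corpus: 25 runbooks, each with a 1536-float embedding
SAMPLE_DOCS = [
    Document(id=f"doc-{i}", title=f"Runbook {i}",
             body=f"Runbook {i}: restart redis node {i}. " + "details " * 60,
             embedding=[0.1] * 1536)
    for i in range(25)
]


def search_everything(docs: list, query: str) -> list:
    """BEFORE: every hit, whole, embeddings included, straight into the context window."""
    return [asdict(d) for d in docs if query.lower() in d.body.lower()]


def search_summaries(docs: list, query: str, *, page: int = 1, page_size: int = 10,
                     snippet_chars: int = 80) -> dict:
    """AFTER: one bounded page of id/title/snippet; embeddings never leave the server."""
    if page < 1 or not 1 <= page_size <= 50:
        raise ValueError("page must be >= 1 and page_size between 1 and 50")
    hits = [d for d in docs if query.lower() in d.body.lower()]
    start = (page - 1) * page_size
    chunk = hits[start:start + page_size]
    return {
        "items": [{"id": d.id, "title": d.title, "snippet": d.body[:snippet_chars]} for d in chunk],
        "page": page,
        "total": len(hits),
        "has_more": start + page_size < len(hits),
    }


def payload_size(result) -> int:
    """Bytes the agent would have to ingest for a result."""
    return len(json.dumps(result))
```

The retry helper raises the original `ToolError` when the budget is exhausted, so the caller still sees a code and a `retryable` flag rather than a generic failure message.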

Design Sins: Pride and Envy

▶ Watch (22:37)

Pride is too much abstraction. A team built a generic metadata reflection system to avoid explicitly listing return fields. Ferreira advocated explicit, intentional tool definitions over automatic discovery. Envy is too much duplication: teams build separate MCP servers for the same service, causing namespace clashes and agent confusion. The solution: governance and centralized registration of tools, so that one tool name maps to one owner and one implementation.
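What explicit tool definitions and a single registry look like in practice, as an added example that is not code from the talk. `BackendUser`, `ToolSpec`, `ToolRegistry` and the `getUser` tool are assumptions for illustration. The reflection-based "before" also shows a practitioner's caveat that follows from the talk's point: a tool that derives its return fields from whatever the backend object carries will ship internal fields nobody meant to expose.

```python
"""Pride and Envy: explicit return fields and one registry that refuses duplicate
tool names. Added example; the record, spec and registry types are assumptions."""
from dataclasses import dataclass


@dataclass
class BackendUser:
    """A backend record that carries more than any tool should return."""
    id: str
    email: str
    display_name: str
    _password_hash: str = "$2b$12$..."   # constructed placeholder
    _internal_flags: int = 0


def describe_by_reflection(record) -> dict:
    """BEFORE (Pride): return whatever attributes the object happens to have.
    Convenient, and it leaks _password_hash the moment the backend adds it."""
    return dict(vars(record))


@dataclass(frozen=True)
class ToolSpec:
    """AFTER (Pride): every field the tool returns is written down, on purpose."""
    name: str
    description: str
    inputs: tuple      # input field names
    returns: tuple     # output field names; nothing else is ever sent
    owner: str         # team that owns the tool, so a clash has someone to call


class ToolRegistry:
    """AFTER (Envy): one place where tools are registered; duplicate names are an
    error at registration time instead of a confused agent at run time."""

    def __init__(self):
        self._tools: dict = {}

    def register(self, spec: ToolSpec) -> ToolSpec:
        if not spec.returns:
            raise ValueError(f"{spec.name}: declare the fields this tool returns")
        if spec.name in self._tools:
            holder = self._tools[spec.name].owner
            raise ValueError(f"tool {spec.name!r} already registered by team {holder!r}")
        self._tools[spec.name] = spec
        return spec

    def project(self, name: str, record) -> dict:
        """Build the tool's response from its declared fields only."""
        spec = self._tools[name]
        return {f: getattr(record, f) for f in spec.returns}

    def names(self) -> list:
        return sorted(self._tools)


if __name__ == "__main__":
    reg = ToolRegistry()
    reg.register(ToolSpec("getUser", "Look up a user by id", ("id",),
                          ("id", "email", "display_name"), owner="identity"))
    user = BackendUser("u1", "a@example.com", "Ada")
    print(describe_by_reflection(user))
    print(reg.project("getUser", user))
```

`project` fails loudly (`AttributeError`) if a declared field disappears from the backend record, which is the intended behaviour: a schema change should break the build, not silently change what the agent sees.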

Notable Quotes

MCP is usually not the problem, it's the amplifier. Ricardo Ferreira · ▶ Watch (5:07)

3,282 GitHub closed issues. 47 MCP-related issues were found, and not a single one was related to the protocol. Ricardo Ferreira · ▶ Watch (5:49)

We tolerate it because it is common. It is trivial. Ricardo Ferreira · ▶ Watch (8:29)

Lust is all about too much intimacy. Ricardo Ferreira · ▶ Watch (11:32)

Key Takeaways

  • MCP problems usually originate from backend capability design, not the protocol itself.
  • Fix the security sins by restricting each tool to one specific operation and to specific directories.
  • Fix the operational sins with structured custom errors, exponential backoff with jitter, and paginated, summarized results.
  • Fix the design sins with explicit tool definitions instead of automatic discovery, and centralized registration of tools.

About the Speaker(s)

Ricardo leads the developer relations team at Redis. He built a successful career in DevRel working for companies such as AWS, Elastic, and Confluent. He spent two decades working as a software engineer, instructor, and solution architect before diving into the world of developer…