MCP configuration file analysis. But to be honest, the configuration file is still one of the most failed designs of MCP!

MCP configuration file analysis reveals the shortcomings of its design!
Core content:
1. The JSON format used in the MCP configuration file and its limitations
2. The irrationality of the configuration path and pre-configuration
3. The security risks and improvement suggestions brought by the plain text configuration
4. MCP function introduction and client-server architecture analysis
MCP (Model Context Protocol) is a communication protocol open sourced by Anthropic in November 2024.
Simply put, it enables an AI model not only to return files but also to read files, view databases, and operate computers.
A case study: This is called Agent! Claude3.7 MCP Blender 3D modeling
This article will analyze the MCP configuration file, but before that, I personally still feel that the configuration file is one of the most failed designs of MCP. There are several reasons for this:
MCP uses the JSON format by default. JSON has obvious disadvantages as a configuration format:
- No comments: configuration notes cannot be added, which reduces maintainability
- The format is strict: a single comma error causes the entire configuration to fail
- Fixed structure: it lacks flexibility, is not as suitable for complex configuration as YAML, and has no schema, which makes it difficult to debug.
The configuration path is disgusting. Taking the official Claude Desktop as an example, the path of the configuration file is too hidden. Anyway, I can't remember it now. In addition:
- Paths differ between operating systems. This is especially painful for Windows users, who have to add many escape characters by hand.
- There is no clear configuration interface or guide. It would be nice if the vendor simply provided a button that opens the configuration directly.
Pre-configuration is counter-intuitive. MCP's platform-style configuration adopts a "configure first, use later" approach, which goes against the intuition of ordinary users:
- Normal process: users enter the application first, and configuration is provided when needed
- MCP mode: requires users to set all parameters in the configuration file in advance
It is like logging into a website: you do not first write your username and password into a notepad file and then log in; you open the page and fill in the login information there. A more reasonable approach would be to unify the entry protocol and then configure on demand, with the configuration parameterized. The plain-text configuration also indirectly leads to the following problem.
Security risks: sensitive information in configuration files is stored in plain text, which brings serious security risks:
- API keys, access tokens, etc. are fully exposed
- There is no encryption or obfuscation mechanism, which makes it easy to leak when sharing screens or screenshots.
I remember that when Windsurf officially demonstrated the MCP tutorial, the host filled in the Gmail token in the video and asked for it to be blurred in post-editing. It was really embarrassing!
I personally think the better design is:
- Move the configuration items to the server. The client only provides the default configuration and requires users to fill in relevant parameters through a unified protocol.
- Adopt an on-demand authorization mode instead of pre-configuration. At the same time, prefer convention over configuration, so that many settings are handled by defaults.
- A single configuration entry and discovery mechanism
- Use friendlier configuration formats (such as YAML or JSON5)
- Provide a credential management mechanism to securely store sensitive information
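The plaintext-credential risk described above can be checked mechanically. The following is an added example, not code from the original article or from any MCP client: it scans an `mcpServers` configuration for values that look like credentials and reports them redacted. The sample configuration, its `env` entries, the server name `mail-example` and the token values are constructed for illustration.

```javascript
// Added example: flag values in an MCP config that look like plaintext credentials.
// SAMPLE_CONFIG is constructed; "mail-example", its "env" entries and all values are assumptions.
const SAMPLE_CONFIG = `{
  "mcpServers": {
    "playwright": { "command": "npx", "args": ["-y", "@executeautomation/playwright-mcp-server"] },
    "mail-example": {
      "command": "npx",
      "args": ["-y", "example-mail-mcp-server", "--token=EXAMPLE-NOT-A-REAL-TOKEN"],
      "env": { "EXAMPLE_API_KEY": "EXAMPLE-NOT-A-REAL-KEY", "LOG_LEVEL": "debug" }
    }
  }
}`;

// Names that usually carry a credential.
const SECRET_NAME = /(key|token|secret|passw(or)?d|credential)/i;

// Never echo the value itself in a report: keep only a short prefix.
function redact(value) {
  return value.length <= 4 ? "****" : value.slice(0, 4) + "****";
}

function findPlaintextSecrets(configText) {
  const servers = JSON.parse(configText).mcpServers || {};
  const findings = [];
  for (const [server, spec] of Object.entries(servers)) {
    // Environment variables whose name suggests a credential.
    for (const [name, value] of Object.entries(spec.env || {})) {
      if (SECRET_NAME.test(name) && String(value).length > 0) {
        findings.push({ server, where: `env.${name}`, preview: redact(String(value)) });
      }
    }
    // Command-line arguments written as "--name=value" or "--name value".
    const args = (spec.args || []).map(String);
    args.forEach((arg, i) => {
      const m = /^--?([\w-]+)(?:=(.*))?$/.exec(arg);
      if (!m || !SECRET_NAME.test(m[1])) return;
      const value = m[2] !== undefined ? m[2] : args[i + 1];
      if (value) findings.push({ server, where: `args --${m[1]}`, preview: redact(value) });
    });
  }
  return findings;
}

console.log(findPlaintextSecrets(SAMPLE_CONFIG));
```

Name-based matching misses credentials passed as positional arguments, so treat an empty result as "nothing obvious", not as proof that the file is clean.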
A brief introduction to MCP
MCP is not just a simple file reading tool, it can do much more than that:
- Read local resources: AI can view files, database records, etc. on your computer
- Use local tools: You can operate the browser, execute SQL queries, manage Git, etc.
- Real-time update: When resources change, the latest information is pushed actively
- Protect privacy: All operations are completed locally, and sensitive data will not be uploaded to third parties
MCP uses a client-server architecture:
- MCP client: usually an AI application, such as Claude Desktop or the Cline plugin
- MCP server: a lightweight program responsible for performing specific operations
- Communication method: based on the JSON-RPC 2.0 standard to ensure stable and reliable communication
When the AI needs to read a file, it sends a JSON-RPC request, and the MCP server processes it and returns the file content to the AI. The whole process is completely seamless for the user!
When you ask Claude to "check the sales data in sales.xlsx and generate a report for me", Claude will send a request to your locally running MCP server through the MCP client. The server reads the file content and returns it to Claude, and then Claude analyzes the data for you. The whole process is fast and secure, and there is no need to manually upload files.
Configuration of Playwright MCP server
Here are the steps to configure the Playwright MCP server using the cline plugin in VSCode:
- Install the cline plugin (search in the VSCode extension market)
- Search and install the Playwright plugin in the Cline MCP extension
- Configure startup items:
```json
{
  "mcpServers": {
    "playwright": {
      "command": "npx",
      "args": ["-y", "@executeautomation/playwright-mcp-server"]
    }
  }
}
```
Configuration details
This seemingly simple configuration item contains a wealth of information:
First, the structure is nested: a configuration file can contain multiple servers, and each server has the following options:
- mcpServers: root-level key that defines all MCP server configurations
- playwright: server instance name; you can configure multiple different servers
- command: start command; here npx is used to execute the Node.js package
- args: command arguments
  - -y: automatically confirms all prompts
  - @executeautomation/playwright-mcp-server: the name of the npm package to be executed
NPX's execution mechanism: pull first, then execute
What is NPX used in the above configuration? How does it work? Simply put, NPX is a package execution tool provided by Node.js, which adopts the "pull first and then execute" mode:
- Pull phase: When you trigger the Playwright MCP server through the configuration, NPX first checks whether the package is installed locally or globally. If not, it temporarily downloads the @executeautomation/playwright-mcp-server package from the npm repository to a temporary directory.
- Execution phase: After downloading, NPX immediately executes the main program in the package and starts the Playwright MCP server.
- Cleanup phase: After the task is completed, NPX automatically cleans up the temporarily downloaded files and does not pollute your system environment.
This mechanism brings several important benefits:
- Zero configuration: users don’t need to pre-install anything
- Always up to date: Each execution will get the latest version
- Environment isolation: avoiding version conflicts
- Use it and go: no extra junk files left behind
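Because NPX resolves the package at start-up, what actually runs depends on how the package is named in `args`. The following added example (not from the original article) reads a configuration and reports, for each npx-launched server, the package name, whether an exact version is given, and whether `-y` skips the confirmation prompt. The `pinned-example` and `local-example` entries and the version `1.2.3` are constructed.

```javascript
// Added example: report how each npx-launched MCP server names its package.
// SAMPLE_CONFIG_NPX is constructed; "pinned-example", "local-example" and "1.2.3" are hypothetical.
const SAMPLE_CONFIG_NPX = `{
  "mcpServers": {
    "playwright": { "command": "npx", "args": ["-y", "@executeautomation/playwright-mcp-server"] },
    "pinned-example": { "command": "npx", "args": ["-y", "example-mcp-server@1.2.3"] },
    "local-example": { "command": "node", "args": ["server.js"] }
  }
}`;

// Split "name@version" or "@scope/name@version".
// A leading "@" marks the npm scope, not a version separator.
function parsePackageSpec(spec) {
  const at = spec.lastIndexOf("@");
  if (at <= 0) return { name: spec, version: null };
  return { name: spec.slice(0, at), version: spec.slice(at + 1) };
}

// Exact semver only: ranges ("^1.2.3") and tags ("latest") still float.
const EXACT_VERSION = /^\d+\.\d+\.\d+(-[0-9A-Za-z.-]+)?$/;

function auditNpxServers(configText) {
  const servers = JSON.parse(configText).mcpServers || {};
  const report = [];
  for (const [server, spec] of Object.entries(servers)) {
    if (spec.command !== "npx") continue; // only npx fetches from the registry at start-up
    const args = (spec.args || []).map(String);
    // Simplification: the first argument that is not an option is taken as the package.
    const pkg = args.find((a) => !a.startsWith("-"));
    if (!pkg) continue;
    const { name, version } = parsePackageSpec(pkg);
    report.push({
      server,
      packageName: name,
      version,
      pinned: version !== null && EXACT_VERSION.test(version),
      autoConfirm: args.includes("-y") || args.includes("--yes"),
    });
  }
  return report;
}

console.log(auditNpxServers(SAMPLE_CONFIG_NPX));
```

For the article's Playwright entry the report shows `pinned: false` and `autoConfirm: true`: the version that runs is whatever the registry serves at launch, and it starts without a prompt.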
Once configured, you can try to let the AI complete tasks like this:
"Help me open Baidu, search for 'MCP Protocol', and then take a screenshot and save it to the desktop"
The AI will call the Playwright server, open the browser, and do all the work without you having to write a single line of code.