When to Use MCP vs Skill? Decoding AI Agent Extensions

One‑sentence distinction

MCP solves the “connection” problem – it lets the AI reach external data and services. Skill solves the “methodology” problem – it teaches the AI how to perform specific tasks.

Model Context Protocol (MCP)

What is MCP?

MCP (Model Context Protocol) is an open‑source JSON‑RPC 2.0‑based protocol announced by Anthropic in November 2024. It standardises how AI applications (Claude, ChatGPT, Gemini, Azure AI, etc.) discover, invoke, and manage external tools such as databases, APIs, or file systems. By early 2025 more than 1,000 community‑maintained MCP connectors existed.

Architecture

MCP follows a client‑host‑server model:

┌─────────────────────────────────────┐
│               Host                  │
│ (Claude Desktop / Cursor)           │
│   ┌─────────┐   ┌─────────┐   ┌───────┐│
│   │ Client  │   │ Client  │   │Client ││
│   │(GitHub) │   │(Postgres)│   │(Sentry)││
│   └─────┬───┘   └─────┬───┘   └─────┬─┘│
│         ▼           ▼           ▼   │
│   ┌─────────────┐ ┌─────────────┐ ┌─────────────┐│
│   │MCP Server   │ │MCP Server   │ │MCP Server   ││
│   │(GitHub)     │ │(Postgres)   │ │(Sentry)     ││
│   └─────────────┘ └─────────────┘ └─────────────┘│
└─────────────────────────────────────┘

The three roles are:

Host : the user‑facing application (e.g., Claude Desktop, Cursor).

Client : a component inside the host that talks to a specific server.

Server : a bridge that connects to external resources (databases, APIs, files).

Core primitives

MCP defines three server‑exposed primitives:

Tools – executable functions the model can call. Example:

{
  "name": "query_database",
  "description": "Execute SQL query on the database",
  "parameters": {
    "type": "object",
    "properties": {
      "sql": {"type": "string"}
    }
  }
}

The model decides when to invoke a tool, e.g., calling query_database when the user asks for monthly revenue.

Resources – data sources that provide context. Example:

{
  "uri": "file:///Users/project/README.md",
  "name": "Project README",
  "mimeType": "text/markdown"
}

Resources are referenced with @ in prompts.

Prompts – pre‑written prompt templates that shape interaction. Example:

{
  "name": "code_review",
  "description": "Review code for bugs and security issues",
  "arguments": [{"name": "code", "required": true}]
}

Users trigger prompts similarly to slash commands.

Transport mechanisms

Stdio : local process communication, suitable for system‑level tools.

HTTP/SSE : remote services (GitHub, Sentry, Notion, etc.).

Costs and trade‑offs

Token consumption : each MCP server’s tool definitions occupy context, which can quickly eat a large portion of the token window.

Maintenance : persistent servers must stay up, handle network failures, and refresh authentication.

Security : external content introduces prompt‑injection risks. Third‑party MCP servers are used at the user’s own risk.

Agent Skill

What is Skill?

Skill (Agent Skill) was released by Anthropic in October 2025. It is a folder containing metadata, instructions, optional scripts, and resources that an AI can discover and load on demand.

Progressive disclosure design

Skills load information only when needed, dramatically reducing token usage. The loading pipeline has four stages:

Scanning : the host reads each Skill’s name and description.

Matching : the user request is semantically compared to the descriptions.

Loading : the matching Skill’s SKILL.md is fetched.

Execution : the AI follows the Skill’s instructions, loading any auxiliary files as required.

File structure

my-skill/
├── SKILL.md          # required: metadata + main instructions
├── reference.md      # optional: detailed reference
├── examples.md       # optional: usage examples
├── scripts/
│   └── helper.py    # optional executable script
└── templates/
    └── template.txt # optional template file

The mandatory SKILL.md must start with YAML metadata:

---
name: code-review
description: >
  Review code for bugs, security issues, and style violations.
  Use when asked to review code, check for bugs, or audit PRs.
---

# Code Review Skill

## Instructions

1. First check for security vulnerabilities...
2. Then check for performance issues...
3. Finally check for code style...

Key metadata fields: name: unique identifier (lower‑case, hyphens, ≤64 chars). description: concise purpose and trigger keywords (≤1024 chars). The quality of this field determines whether the Skill is correctly triggered.

Security considerations

Because Skills inject instructions, a malicious Skill can hide harmful prompts (prompt injection) and exfiltrate data. Mitigations include:

Use only trusted Skill sources.

Audit any embedded scripts.

Restrict capabilities with an allowed-tools whitelist, e.g.:

---
name: safe-file-reader
description: Read and analyze files without making changes
allowed-tools: Read, Grep, Glob  # only read operations allowed
---

Side‑by‑side comparison

Core role : MCP – connects to external systems; Skill – encodes procedural knowledge.

Architecture layer : MCP – integration layer; Skill – prompt/knowledge layer.

Protocol basis : MCP – JSON‑RPC 2.0; Skill – file system + Markdown.

Cross‑platform : MCP – yes (open); Skill – no (Anthropic‑only).

Trigger : MCP – persistent connection, always available; Skill – semantic matching, auto‑triggered.

Token strategy : MCP – high (pre‑loaded tools); Skill – low (progressive loading).

External access : MCP – direct; Skill – indirect (needs MCP or built‑in tools).

Complexity : MCP – higher (protocol implementation); Skill – lower (write Markdown).

Reusability : MCP – high (standardised); Skill – medium (Git‑shareable folders).

Dynamic discovery : both support runtime discovery.

Security : MCP – external content risk; Skill – malicious instruction risk.

When to use MCP vs Skill

Use MCP when

Access to external data (databases, APIs, file systems) is required.

Operations on external systems (create GitHub issues, send Slack messages, run SQL) are needed.

Real‑time information (monitoring, logs, search results) is essential.

Cross‑application reuse of the same connector is desired.

Use Skill when

Repeating a workflow (code review, doc generation, data analysis).

Enforcing internal team conventions (style guides, commit policies).

Complex multi‑step tasks that need detailed guidance.

Sharing best‑practice procedures across a team.

Token‑sensitive scenarios where large knowledge bases must not occupy the context window.

Combined usage example

User: "Review PR #456 and suggest improvements."
1. MCP (GitHub) fetches PR details.
2. Skill (team code‑review guidelines) provides the review methodology.
3. Claude applies the Skill instructions to analyse the code.
4. MCP (GitHub) posts the review comment.

MCP provides the "what can be accessed" layer, while Skill provides the "how to act" layer.

References

Model Context Protocol docs – https://modelcontextprotocol.io/docs/getting-started/intro

MCP Specification – https://spec.modelcontextprotocol.io/

Anthropic blog announcing MCP – https://www.anthropic.com/news/model-context-protocol

MCP GitHub organization – https://github.com/modelcontextprotocol

Awesome MCP Servers – https://github.com/punkpeye/awesome-mcp-servers

Claude Code Skills documentation – https://platform.claude.com/docs/en/docs/claude-code/skills

Building effective agents (Anthropic) – https://www.anthropic.com/engineering/building-effective-agents

Context Engineering guide – https://www.anthropic.com/engineering-guides/context-engineering