Building MCP Servers with FastMCP: 7 Mistakes to Avoid
Seven common mistakes developers make when building MCP servers with FastMCP, with concrete fixes for each. Covers missing ToolAnnotations for mutating operations, exposing raw API primitives instead of outcome-oriented tools, unsafe defaults (e.g., creating enabled campaigns), poor parameter documentation, swallowing error messages, wasteful JSON responses for tabular data (CSV saves 40-60% tokens), and security vulnerabilities like path traversal and prompt injection. Includes real-world examples from Google Ads MCP and references to 30+ CVEs found in MCP implementations in their first year.
Table of contents
1. Not Marking Mutating Operations
2. Exposing Raw API Primitives Instead of Outcome-Oriented Tools
3. Missing Safe Defaults
4. Poor Tool Documentation
5. Swallowing Error Messages
6. Wasteful Token Usage in Responses
7. Ignoring Security Fundamentals
Key Takeaways