My (admittedly oversimplified) understanding is that MCP's purpose is mainly to provide a sort of langua franca for LLM's to tackle agentic tasks without having to write unicorn handlers for every single service in every single language in every single individual API flavor. That sounds great, but my understanding is also that it is incumbent on the provider of that MCP server's datasource/resource to create and maintain the MCP server so that LLM's can take advantage of them. A quick look across the interwebs shows that while there are a TON of MCP severs popping up from IC's, a fraction of them are actually endorsed, much less directly maintained, by the entities that own/run the services an LLM might want to interact with.

This of course presents an issue. Anyone with a greater understanding of software development beyond a junior level should understand that pulling libraries straight out of npm/githublab/whathaveyou carries with it security and privacy risks (yes, even if it's open source, nasty bits can be hidden in one of those 100's of libraries you are shotgunning into your app).

Am I missing something here? It all seems very wild west at the moment with a tremendous amount of hype, and I'd like to not be so skeptical. If it is as I say, how long until the foundation solidifies a bit and we truly do have a solid, mature MCP set to draw from?