If you cheat using an "agent" using an "MCP server", it's still rm -rf on the host, but in a form that AI startups will sell to you.
MCPs are generally a little smarter than exposing all data on the system to the service they're using, but you can tell the chatbot to work around those kinds of limitations.
I was sort of surprised to see MCP become a buzz word because we’ve been building these kinds of systems with duck tape and chewing gum for ages. Standardization is nice though. My advice is just ask your LLM nicely, and you should be safe :)
MCPs are generally a little smarter than exposing all data on the system to the service they're using, but you can tell the chatbot to work around those kinds of limitations.