There are multiple dangers here. The one that you have to take on is that you’re giving an AI program access to do things somewhat arbitrarily on your system. Sure, you can grant permission to particular tools but by the time you allow it to run arbitrary code in your repl, I mean, yeah there’s nothing scanning it for something like run(`rm [andthensomebadoptionsandpaths]`) (I’m not even going to type it out since it’s going to get sucked in my some model).
The other side of this though, is that you’re also opening up a port where anything that wants to run those sorts of commands can, it’s an open port with no authentication.
At least it was … that is one of the things I’ve added is a basic API key Bearer token auth, and a nonce system that’s used for callbacks from vscode to the MCP server.
(… and added some very helpful(?) mystical creatures if you run MCPRepl.setup() in your project to get all the configuration generated 
)