Understanding the Risk/Reward
When you add external tools (MCPs), you are giving Claude access to the outside world.
This increases the “surface area” of what Claude can do, which is great for productivity but introduces new risks of data leaks or incorrect actions.
Follow the Principle of Least Privilege: only give Claude the access it needs to do the job.
Note on Reliability
MCPs within Claude Code can be buggy: they may require re-authenticating, need to be asked multiple times to hook in, forget how to call the right tools, etc.
YOLO Mode Warning
Shift-Tab enables skip approvals mode - Claude takes actions without asking. This is more dangerous when leaving the safe walled garden of text files and using external stuff like MCPs. Stay in approval mode until you’re confident.
What’s Possible: Local Context + External Action
Setting Up Rube (the gateway to your apps)
Rube allows you to hook into 500+ apps from Claude Code.
Installation
- Go to https://rube.app and click “Get Started”
- Authenticate with email/Google
- Copy setup command and run in terminal:
- In Claude Code run /mcp
- Select Rube and press enter
- In Rube MCP Server, select Authenticate and press enter
- Complete authentication in the browser window that opens
- Once connected, we can go back to rube.app from their dashboard

Adding Apps Safely
- Go to Apps -> Marketplace
- Search for apps you want to enable

Example: Gmail
Click Recommended option (Composio)

Enable Scopes (I left all of these on, as we’ll be able to limit what the agent can do later)

Approve Scopes

CRUCIAL STEP: LIMIT TOOLS AVAILABLE TO THE AGENT
Click Modify Tools

(I encourage clicking All Tools off, and then only allowing View Only (if you want it to create drafts or send emails later you can go in and turn them off))
Click Update Tools in top right corner
From Claude Code, ask
Can you summarize key emails in my inbox
Press enter to proceed, or tab down to 2 and press enter
(you may need to start a fresh session or else reauthenticate)
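To double-check the "limit tools" step above, the following added example (not part of the original course, and not Rube's or Composio's code) audits a list of enabled tool names against a view-only policy. The tool names, the verb lists and the idea of copying the enabled-tool names out of the dashboard by hand are all assumptions of the example; classification by name is a heuristic, so anything it cannot classify is reported rather than trusted.

```python
"""Audit enabled MCP tool names against a view-only (least privilege) policy."""
import re

# Verb lists are assumptions of this example; extend them for your own apps.
READ_VERBS = {"GET", "LIST", "FETCH", "SEARCH", "READ", "VIEW"}
WRITE_VERBS = {"SEND", "CREATE", "UPDATE", "MODIFY", "REPLY", "FORWARD",
               "ADD", "PATCH", "MOVE"}
DESTRUCTIVE_VERBS = {"DELETE", "REMOVE", "TRASH", "PURGE"}


def classify(tool_name):
    """Return 'destructive', 'write', 'read' or 'unknown' for one tool name."""
    # Split on non-letters so whole words are matched ("REMOVE" is not "MOVE").
    words = set(re.split(r"[^A-Za-z]+", tool_name.upper()))
    # Check the most dangerous category first so a mixed name is never
    # downgraded to 'read'.
    if words & DESTRUCTIVE_VERBS:
        return "destructive"
    if words & WRITE_VERBS:
        return "write"
    if words & READ_VERBS:
        return "read"
    return "unknown"


def audit(enabled_tools, allow=("read",)):
    """Return {tool: category} for every enabled tool outside `allow`.

    Unknown tools are reported too: deny by default until reviewed.
    """
    return {t: classify(t) for t in enabled_tools if classify(t) not in allow}


# Constructed sample: hypothetical tool names, not copied from any real app.
SAMPLE_ENABLED = [
    "EXAMPLE_MAIL_FETCH_MESSAGES",
    "EXAMPLE_MAIL_LIST_LABELS",
    "EXAMPLE_MAIL_SEND_MESSAGE",
    "EXAMPLE_MAIL_CREATE_DRAFT",
    "EXAMPLE_MAIL_DELETE_MESSAGE",
    "EXAMPLE_MAIL_BATCH_OPERATION",
]

if __name__ == "__main__":
    for tool, category in audit(SAMPLE_ENABLED).items():
        print(f"{category:12} {tool}")
```

An empty result means every enabled tool looks read-only by name; any line printed is a tool to switch off or review before leaving approval mode.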

Context Management & Costs
The instructions for the tools you give Claude (via MCPs) get “read” by Claude at the start of every conversation. This has two downsides:
- Security: Claude “knows” about all your connected apps, even when you don’t want it to use that tool.
- Cost/Speed: It fills up the context window, making Claude slower, more confused, and more expensive.
Best Practice:
Run /context to see what Claude is carrying around. If you aren’t using a tool for a specific task, disable it. Treat MCPs like heavy machinery—turn them on only when you need to use them.
Managing Context and Spend
Token Efficiency
Use /context to see how much junk you’re carrying around. MCPs take up a lot of tokens in every conversation.

Checkpoint
Integration:
- Rube installed (if necessary)
- Understand read-only vs destructive permissions
- Connected 1-2 services
- Know how to check context with /context
Understanding:
- Understand MCP security implications
- Managing token usage
What’s Next
Congrats on finishing the course.
We’ll be releasing more modules soon.
Questions? Anything we missed? Get in touch: derek@newyorkai.org