It's the security layer that I'm most interested with MCPs. Granting full access to the CLI feels super dangerous and maybe there are options to certain commands that I want to restrict from LLM usage.