Evaluate AI tools with the same diligence as any dependency
The same rules from Choose dependencies wisely apply here — read the code, check the author, review the issues. An MCP server, an agent skill, or an AI-powered tool is still software running on your machine with access to your environment.
Before installing:
- Review the source code. If it’s not open source, think twice
- Check the author and the community around it
- Test on a separate machine or container first. Reduce the blast radius
- Don’t fall for hype. The stakes are too high for your company
Review before installing — not after something goes wrong.
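One way to act on the "test on a separate machine or container first" item, as an added example that is not part of the original page: a shell function that prints a restricted `docker run` command (no network, read-only root filesystem, no capabilities, unprivileged user, source mounted read-only). It assumes Docker is the container runtime; the function name, image name, digest and paths are constructed placeholders, and requiring a digest-pinned image is an added check.

```shell
#!/bin/sh
# Added example: print a locked-down `docker run` command for a first look at
# an untrusted tool. Image name, digest and paths are constructed placeholders.

# sandbox_cmd IMAGE SRC_DIR [CMD...]
# Prints the command one argument per line; it does not start a container.
sandbox_cmd() {
  sb_image=$1; sb_src=$2; shift 2
  # Run exactly the bytes that were reviewed: require a digest, not a tag.
  case $sb_image in
    *@sha256:*) ;;
    *) echo "refusing image not pinned by digest: $sb_image" >&2; return 2 ;;
  esac
  # Never hand the tool the filesystem root, the home directory or key stores.
  case $sb_src in
    /|"$HOME"|"$HOME"/.ssh*|"$HOME"/.aws*)
      echo "refusing to mount sensitive path: $sb_src" >&2; return 3 ;;
  esac
  # Host environment variables are not passed: no -e / --env-file is given.
  printf '%s\n' docker run --rm -i \
    --network none \
    --read-only --tmpfs /tmp:rw,noexec,nosuid,size=64m \
    --cap-drop ALL --security-opt no-new-privileges \
    --user 65534:65534 \
    --pids-limit 128 --memory 512m \
    -v "$sb_src:/work:ro" -w /work \
    "$sb_image" "$@"
}

# Dry run with constructed values: show the command on one line.
SB_DEMO_IMAGE='example.invalid/mcp-server@sha256:0000000000000000000000000000000000000000000000000000000000000000'
sandbox_cmd "$SB_DEMO_IMAGE" /tmp/tool-src node server.js | tr '\n' ' '
echo
```

Start from this baseline and loosen one flag at a time only when the tool demonstrably needs it, so every grant of network or write access is a decision you made.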