Comment by CamperBob2

With MCP your client can easily have a blocklist for commands, but with cli you would need to code custom logic for each cli separately.

Nah. Just don't let your model do anything potentially destructive until three or four other models have vetted the proposed action.

Filtering individual commands can never provide more than the shallowest semblance of security. If a smart model is hellbent on deleting your production database, it will write its own Python program to do it if the usual commands are blocked.