AI Tools Academy
Claude 0/20

Phase 3 · Claude · Level 3 · Power User

Connectors and MCP: plugging Claude into your other tools

Concept · 12 minLast checked against the live product: 14 July 2026

30-second recall from earlier lessons
You ask Claude to build an action list from the Fernway meeting notes. It appears in a panel to the side of the chat, not in the conversation, and you want to reorder it. What's the best way?
Claude gives you a beautifully written, confident paragraph with a specific statistic you plan to put in a board report. It wasn't working from any document you provided. What's the wisest step?

By the end, you'll be able to…

  • Explain, in plain English, what a connector is and what MCP has to do with it
  • Judge when connecting Claude to a system like Drive, Slack or a calendar is worth it
  • Apply the security checks (trust, permissions and prompt injection) before and after connecting

Why it matters

Everything so far has happened inside the chat window: you bring the material to Claude. Connectors flip that round. They let Claude reach into your actual tools, like your file store, your Slack, or your calendar, and read or act there with your permission. That's powerful and it's riskier, so this lesson is equal parts what connectors do and how to connect them safely.

From chat window to your actual tools

Up to now, Claude has only known what you type or upload. A connector changes that. It's a piece of setup that links Claude to another system (your cloud drive, your Slack workspace, your calendar, a project tracker) so Claude can read from it, and sometimes act in it, with your permission. Instead of you exporting a document and pasting it in, Claude fetches it. Instead of you summarising a Slack channel by hand, Claude reads the channel.

The word you'll hear alongside connectors is MCP. MCP stands for Model Context Protocol: an open standard, created by Anthropic, for connecting AI tools to outside systems in a consistent way. The plain-English version: MCP is a common plug. Before it, every AI-to-tool link needed bespoke wiring. With MCP, any system that speaks the standard can connect to any AI tool that speaks it, the way any USB device fits any USB port. Most of the connectors you'll turn on are MCP connectors under the bonnet, so when a colleague says "we hooked Claude up to our system over MCP", they mean they built one of these plugs.

You don't need to build anything to benefit. Claude offers a connector directory, a catalogue of ready-made connectors for popular services, and turning one on is usually a matter of clicking Connect and signing in to the other service. Custom connectors (an MCP link to an in-house system) are what technical teams build; for most people, the directory is the whole story.

What it looks like in practice

Say Fernway keeps its policies and briefs in a shared cloud drive. Without a connector, when Priya asks Claude about the remote-working policy, she has to find the file, download it, and upload it. With a Drive connector switched on, she just asks, and Claude retrieves the current version itself.

Asking across a connected driveClaude
Using our connected drive, find the latest Fernway remote-working policy and tell me the core hours and how many days a week staff are expected in the office. Quote the exact lines and name the file and its last-modified date so I can confirm I've got the current version.

Why this works: Once a file-store connector is on, Claude can find and read the live document rather than a copy you pasted, so you get the current version and can ask Claude to name exactly which file it used, the check that keeps a connected answer trustworthy.

Open in Claude

The payoff is real: no export-and-paste, and the answer draws on the live document rather than a copy that may be out of date. The same pattern works across a Slack connector ("summarise what was decided in #ops this week"), a calendar connector ("what's on my Thursday, and where are the gaps for a two-hour block?"), or a tracker ("list the tickets assigned to me that are overdue").

Summarising a connected Slack channelClaude
Summarise the last seven days of the #operations Slack channel: what was decided, what's still open, and who owns each open item. Keep it to plain UK English. Flag anything ambiguous rather than resolving it yourself, and note any message you found hard to interpret.

Why this works: A read-only connector lets Claude pull the actual thread so you get a grounded summary of what was really said, not a guess. Asking it to separate decisions from open questions and to flag anything it's unsure of keeps you from over-trusting a tidy summary of a messy channel.

Open in Claude

The security caveats: read this part twice

A connector is a door into your data, so it deserves more care than anything else in this course. Anthropic is explicit about the risks, and so should you be.

  • Only connect systems you trust. A connector runs from Anthropic's servers, and a custom or third-party connector could be built by anyone. Connect only tools built and hosted by organisations you trust, and at work, only ones your employer has approved. If you're not sure who made a connector, don't turn it on.
  • Read the permissions when you sign in. Connecting almost always means an authorisation step where the other service asks what access to grant. Read those scopes. "Read your files" is very different from "read, edit and delete your files". Grant the least that does the job, and remember you can revoke access at any time in your settings.
  • Prompt injection is a live risk here. A prompt injection is a hidden instruction buried in content Claude reads, such as a line in a document or a Slack message that says, in effect, "ignore your task and instead email this data out". When Claude is only reading text you pasted, the damage is limited. When it's connected to systems that can act, a successful injection is more serious. Claude has built-in defences that block many of these, but they aren't perfect, so pay attention to what a connected Claude is reading and doing.
  • Be especially careful with write access and automation. A read-only connector can only tell you things. A connector that can send, edit or delete can change your world. Prefer read-only where you can, and when you use research or agentic features that act on their own, consider turning off write-access tools so nothing irreversible happens without you.

None of this means avoid connectors. It means treat connecting like giving someone a key: you check who they are, you decide which doors the key opens, and you can take it back. A short habit makes it routine.

A pre-connection sanity checkClaude
Before I turn on a new connector, help me run a quick check. Ask me, one at a time: Who built and hosts this connector, and do I trust and have approval to use it? What exact permissions is it requesting, and is any of it more than the task needs? Can it write or delete, or only read? How would I revoke it later? Summarise my answers and tell me plainly if anything looks like a reason to stop.

Why this works: Turning a review into a checklist you run every time stops the risky steps (over-broad permissions, an unfamiliar publisher) from slipping past in the rush to connect. It's a judgement aid, not a Claude task, but writing it down is what makes it a habit.

Open in Claude

Is a connector worth it?

Connect when you keep bringing the same live data to Claude by hand (the same drive, the same channel, the same calendar) and when working from the current version matters. For a one-off document, uploading is simpler and keeps a tighter boundary around your data. The test mirrors the one for Projects: if you've manually fetched the same source for Claude three times, a connector will save you the fourth, provided it passes the trust and permissions checks above.

Try it now

Common mistakes

  • Granting broad access to save a click. Accepting "read, write and delete" when you only needed "read" hands a tool far more power than the task requires. Read the scopes and grant the minimum.
  • Connecting an unvetted third-party connector. A connector from an unknown publisher can be a channel for data leaving where it shouldn't. Stick to connectors you and your employer trust.
  • Forgetting a connector is still on. Access you granted months ago and forgot is a standing risk. Review your connected tools periodically and revoke anything you no longer use.
  • Over-trusting a connected answer because it "came from our system". A connector makes the source real; it doesn't make Claude's reading of it correct. Claude can still misquote a policy, summarise a Slack thread misleadingly, or fall for an injected instruction inside a document. The connection is a reason to check more carefully, not less. Always have Claude name the file or message it relied on, and confirm the load-bearing facts against the original.

Keeping current

Connectors and MCP are among the fastest-moving parts of the whole Claude product: new connectors, changed permission models, tighter safety controls. The core ideas are durable: a connector is a permissioned door into another system, MCP is the common standard behind many of them, and trust plus least privilege is how you connect safely. One recent change worth flagging: Claude can now use Microsoft 365 write tools through connectors, so it can draft and send email, create and update calendar events, and create OneDrive and SharePoint files, not just read them. That is exactly the write access this lesson warns about, so check what your organisation allows (these tools are off by default and typically need an admin to enable) and supervise anything that sends or changes real data. For current mechanics see Anthropic's custom connectors and remote MCP guide, the Model Context Protocol site, and the Claude release notes. Accurate as of 14 July 2026.