What is an MCP Tool?

An MCP tool is an executable capability exposed by an MCP server, described with a name, description, and JSON Schema parameters, that AI agents can discover and invoke through the Model Context Protocol.

WHY IT MATTERS

MCP tools are the action primitives of the protocol. They represent things an agent can do — execute a shell command, query a database, create a file, send an API request. Each tool has a schema describing its inputs and expected outputs.

What makes MCP tools powerful is standardisation. A tool defined once on an MCP server is automatically available to any compatible agent. The agent's LLM sees the tool's name, description, and parameters — enough to decide when and how to use it.

Tool design matters enormously. Well-designed tools have clear names, comprehensive descriptions (the LLM reads these to decide when to use the tool), strict input validation, and informative error messages. But even well-designed tools can be misused — which is why tool-level policy enforcement matters.

See MCP tools working in your own stack: route your MCP servers through PolicyLayer and every tool call is checked against policy before it runs.

GOVERN YOUR MCP SERVERS →

Enforced before the call runs. Nothing to install.

HOW POLICYLAYER USES THIS

PolicyLayer enforces policies at the individual tool level. YAML policies specify which tools are allowed or denied, with optional argument constraints. For example, you can allow the execute_sql tool but deny DROP statements, or allow write_file only to specific directories. Each tool call is evaluated against the policy before reaching the server.

IN THE CATALOGUE

PolicyLayer continuously scans the MCP ecosystem and classifies every tool it finds by risk category.

43,000+ MCP servers known to the catalogue
220,000+ tools scanned and risk-classified
9,300+ servers with published scan reports

FREQUENTLY ASKED QUESTIONS

Can I allow some tools but deny others with PolicyLayer?
Yes. PolicyLayer policies operate at the tool level. You can allow read_file but deny execute_command, or allow both with different argument constraints. Policies are defined per-tool in YAML.
How does PolicyLayer handle tool argument validation?
PolicyLayer policies can define constraints on tool arguments — regex patterns, allowed values, numeric ranges. If an argument violates a constraint, the call is denied before reaching the server.
Can MCP tools have side effects?
Yes, and they often do — that is the point. A file-write tool modifies the filesystem. A shell-execute tool runs commands. This is precisely why policy enforcement on tool calls is critical — side effects need governance.
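The tool-level allow/deny with argument constraints described above (allow execute_sql but deny DROP statements, allow write_file only under specific directories, deny execute_command), shown as an added example of a policy check run on an MCP JSON-RPC tools/call request before it is forwarded to the server. This is illustrative code, not PolicyLayer's implementation; the policy dict stands in for a YAML file and its keys (allow, deny_patterns, allowed_prefixes) are an assumed schema, not PolicyLayer's.

```python
import posixpath
import re

# Constructed illustrative policy (a dict standing in for a YAML file; the
# keys are an assumed schema, NOT PolicyLayer's real one): default deny,
# per-tool allow, optional constraints on individual arguments.
POLICY = {
    "read_file": {"allow": True},
    "execute_command": {"allow": False},
    "execute_sql": {"allow": True,
                    "deny_patterns": {"query": r"(?is)\bDROP\s+(TABLE|DATABASE)\b"}},
    "write_file": {"allow": True,
                   "allowed_prefixes": {"path": ["/srv/app/output/"]}},
}

def evaluate(policy, request):
    """Decide one MCP JSON-RPC message. Returns (allowed, reason).
    Only tools/call is a tool invocation; other methods (initialize,
    tools/list, ...) pass through untouched."""
    if request.get("method") != "tools/call":
        return True, "not a tool call"
    params = request.get("params") or {}
    tool = params.get("name")
    args = params.get("arguments") or {}
    rule = policy.get(tool)
    if not rule or not rule.get("allow"):
        return False, f"tool {tool!r} denied by policy"   # unknown tools are denied too
    # Deny when an argument matches a forbidden pattern (e.g. DDL in a query).
    for arg, pattern in rule.get("deny_patterns", {}).items():
        if re.search(pattern, str(args.get(arg, ""))):
            return False, f"{tool}: argument {arg!r} matches denied pattern"
    # Path arguments must normalise into a permitted directory; normalising
    # before the prefix check defeats ../ traversal out of the allowed tree.
    for arg, prefixes in rule.get("allowed_prefixes", {}).items():
        path = posixpath.normpath(str(args.get(arg, "")))
        if not any(path.startswith(p) for p in prefixes):
            return False, f"{tool}: {arg}={path!r} outside allowed directories"
    return True, "allowed"

def tool_call(id_, name, arguments):
    """Build a constructed MCP tools/call request (JSON-RPC 2.0 envelope)."""
    return {"jsonrpc": "2.0", "id": id_, "method": "tools/call",
            "params": {"name": name, "arguments": arguments}}

if __name__ == "__main__":
    for req in [tool_call(1, "execute_sql", {"query": "drop table users;"}),
                tool_call(2, "write_file", {"path": "/srv/app/output/../config/app.yaml"})]:
        print(req["params"]["name"], evaluate(POLICY, req))
```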

Take your agents live. Without losing control.

Route your MCP traffic through PolicyLayer. Every tool call is checked against your policy before it runs: allow, deny, or require approval. Per-identity grants. Full audit log. Live in minutes.

Instant setup, no code required.

43,000+ MCP servers and 220,000+ tools scanned and risk-classified.
