MCP Tools: What They Are and How to Build Them Right (2026)
MCP tools are the reason AI agents can do more than generate text. They let models query databases, call APIs, read files, and trigger workflows through a standardized protocol that works across Claude, Cursor, ChatGPT, and dozens of other clients. But here's what the official spec doesn't tell you: most MCP tools in production today are poorly described, bloat your context window, and break across clients.
For busy engineering leads and agent builders, here's what 45+ developer discussions taught us:
- 72% of parameters on Anthropic's own MCP servers have no descriptions, causing LLMs to guess inputs instead of asking clarifying questions
- Teams running 50+ tools report "compacting after just 20 turns" because tool schemas alone consume most of the context window
- Tool outputs are the #1 hidden cost driver, with single calls dumping raw HTML, base64 images, or massive JSON payloads that get "dragged around in context" across every subsequent turn
- Cross-client compatibility remains fragile, with tools that "worked fine in Claude Desktop" failing immediately in Cursor or VS Code Copilot due to schema validation differences
This guide covers what is mcp tools, how to build them so they work reliably, and how to manage them at scale without burning through your context budget.
What Are MCP Tools?
MCP tools are executable functions exposed by MCP servers that allow AI models to interact with external systems. Think of them as the "hands" of an AI agent. While the model handles reasoning and language, tools handle action: querying a database, creating a GitHub issue, sending a Slack message, or analyzing application metrics.
The Model Context Protocol defines three core primitives that servers can expose to clients: tools, resources, and prompts. Understanding the differences matters because choosing the wrong primitive leads to wasted tokens and unreliable behavior.
| Primitive | Purpose | Who controls it? | Example |
|---|---|---|---|
| Tools | Execute actions, produce side effects | Model-initiated (LLM decides when to call) | create_issue, query_database, send_email |
| Resources | Provide read-only context data | Client-initiated (user or app requests) | File contents, database schemas, API docs |
| Prompts | Reusable prompt templates with arguments | User-initiated (explicit selection) | summarize_code, review_pr, explain_error |
The key distinction: MCP tools are model-controlled. The LLM reads the tool's name, description, and input schema, then autonomously decides when to call it. Resources and prompts require explicit human or application triggers. Understanding the relationship between mcp tools resources prompts is essential because many developers misuse prompts as tools or expose read-only data as tool calls, wasting tokens and adding decision overhead. This means your tool description is the single most important factor in whether the model uses it correctly, because it's the only information the LLM has when making that decision.
MCP tools support a straightforward lifecycle. The client calls tools/list to discover available tools and their schemas. When the model decides a tool is needed, it calls tools/call with the appropriate parameters. The server executes the function and returns results as text or structured content. This how clients discover and invoke tools pattern is consistent across all MCP-compatible clients.
Stop Building MCP Integrations From Scratch.
- Any API, one line of code — connect to ChatGPT, Claude, and Cursor without writing custom MCP servers
- Visual UI in the chat — render interactive components, not just text dumps. Charts, forms, dashboards.
- 70% fewer tokens — dynamic tool loading and output compression so your agents stay fast and cheap
Why MCP Tool Descriptions Matter More Than You Think
One developer audited Anthropic's official MCP servers and published the results: the Filesystem server scored 81/100, with 72% of its parameters having zero descriptions. That's the official reference implementation. Community-built servers are often worse.
This isn't a cosmetic problem. When an MCP tool description is vague or missing, the LLM guesses. And guessing with tool calls means wrong parameters, failed executions, and wasted tokens on retries.
We analyzed over 40 discussions where developers share what breaks in their MCP tool setups. The pattern is consistent: poorly described tools create cascading failures that show up as mysterious agent behavior, not obvious errors.
| Finding | What developers reported | Frequency |
|---|---|---|
| Missing parameter descriptions | LLMs guess values instead of asking the user for input | 8+ threads |
| Overly complex schemas | "Anything with more than 3-4 params" triggers model guessing | 6+ threads |
| Vague tool names | Models pick the wrong tool when names overlap (e.g., search vs find vs query) | 5+ threads |
| No output format specification | Responses vary wildly between calls, breaking downstream parsing | 4+ threads |
| Stale cached schemas | "Schema changes sometimes didn't propagate," creating debugging loops | 4+ threads |
MCP tool annotations provide metadata beyond the description that helps clients make smarter decisions about tool usage. Annotations can signal whether a tool is read-only or destructive, whether it's idempotent, and whether it requires human confirmation before execution. The MCP spec defines annotations like readOnlyHint, destructiveHint, and openWorldHint that clients use to build safety guardrails. Without these mcp tool annotations, clients treat every tool call the same, which means either too many confirmation prompts or too few safety checks.
The best MCP tool descriptions follow a predictable structure. They start with what the tool does in one sentence, specify the exact format and constraints of each parameter, and describe what the output looks like. For tool description best practices for production environments, specificity beats brevity every time.
How MCP Clients Discover and Invoke Tools
Every MCP interaction starts with discovery. When a client connects to an MCP server, it calls tools/list (also referred to as mcp list tools) to get the complete mcp tools list of available tools, their descriptions, and their JSON Schema definitions. This is where tool overload begins, because every tool in that list consumes context window space just by existing.
The invocation flow works in three steps:
- Discovery: Client calls
tools/list, server returns all available tools with schemas - Selection: The LLM reads tool descriptions and decides which tool fits the current task
- Execution: Client calls
tools/callwith the tool name and arguments, server executes and returns results
Different clients handle this differently. Claude Code mcp tools load schemas at session start and keep them in context throughout. Cursor mcp tools use a similar approach but with different schema validation rules, which is why a tool that works in Claude Desktop can fail silently in Cursor. The mcp tool output schema also varies by client, with some clients expecting plain text and others parsing structured JSON.
The tools/list response includes a cursor field for pagination, which matters when your MCP tools server exposes dozens of tools. But most clients today fetch the full list at startup, stuffing every schema into the context window whether the model needs it or not.
The Tool Overload Problem: Why More Tools Means Worse Performance
One developer put it bluntly: they "got tired of the '100 MCP servers' approach." And they're not alone. Across the discussions we analyzed, tool sprawl emerged as the most common pain point for teams running MCP in production.
The problem is straightforward. Every MCP tool added to a session costs context tokens, and those costs compound. A developer building a truncation proxy for Claude Code reported that "token usage was getting silly" because single tool calls were dumping raw HTML, base64 images, and massive JSON into the context window. Another noted that their "context window fills up" after just a few tool interactions, forcing early session compaction.
Here's what actually happens when you load too many tools:
- Token overhead: Each tool's name, description, and schema consume 200-500 tokens. With 50 tools, that's 10,000-25,000 tokens before the model even starts reasoning
- Decision degradation: Models become worse at picking the right tool as the number of options increases. One developer found that "anything with more than 3-4 params" caused the model to guess instead of asking
- Output bloat: Tool responses get "dragged around in context" and multiply when the model spawns subagents
Teams are solving this in different ways. The MCP Wrapper Pattern exposes only three discovery tools instead of the full toolset, letting the model search for relevant tools on demand. You can also reduce tool overload with dynamic loading patterns that fetch tool schemas only when needed, or optimize tool output with compression to shrink responses before they enter the context. For parallel workloads, you can run tools in parallel for 10x speed without multiplying context costs.
The root issue is architectural. Loading every tool into every session treats MCP like a flat menu when it should be a searchable registry. Teams building production agent systems need a way to scope tools per task, compress outputs, and route requests through a gateway that manages the full tool lifecycle.
Building Production-Ready MCP Tools
Knowing what breaks in production tells you exactly what to build. The community data points to three areas where most MCP tools fail: descriptions, schemas, and error handling.
Write Clear Tool Descriptions
Your tool description is the prompt the LLM reads to decide whether to call your tool. A bad description means the model either ignores your tool entirely or calls it with wrong parameters.
Structure every description with three parts:
- What it does (one sentence, specific verb): "Retrieves the 10 most recent commits from a specified GitHub repository branch"
- Required context (what the model needs to know): "Requires a valid repository owner and name. Returns commit SHA, message, author, and timestamp."
- Output format (what comes back): "Returns JSON array sorted by date descending"
Compare that to the real description from a popular MCP server: "Gets commits." That's what 72% of production tools look like.
Design Minimal Schemas
Keep input parameters under 4. Every additional parameter increases the chance the model guesses instead of asking. Use enum constraints wherever possible, because they turn an open-ended guess into a selection from valid options.
Mark optional parameters as required: false explicitly. Many MCP clients handle implicit optionality differently, which is why tools "worked fine in Claude Desktop" but broke in other clients.
Handle Errors with Context
Return error messages that tell the model what to try next, not just what went wrong. "Repository not found" is useless. "Repository 'owner/repo' not found. Verify the owner and repository name are correct, or check if the repository is private" gives the model a recovery path.
"When we see teams struggle with tool reliability, it's almost always the same root cause: they optimized for getting the tool working in development, not for how the LLM actually interprets it in production. Write your tool descriptions as if you're explaining the tool to a new engineer who can't ask follow-up questions. That's exactly what the model is."
You can validate your tool definitions before deploying them to users. Test your tool definitions with MCP Inspector to catch schema issues, missing descriptions, and parameter validation gaps before they reach production.
Explore 251+ MCP Integrations
Discover official and remote-only MCP servers from leading vendors. Connect AI agents to powerful tools and services.
Popular MCP Tools and Servers in 2026
The MCP ecosystem has grown from a handful of reference implementations to hundreds of servers covering development, data, APIs, and monitoring. Here are the categories that matter most for teams building AI agents, along with the tools developers actually use in production.
MCP Gateways and Infrastructure
Apigene connects any API or MCP server to AI agents through a single gateway. Instead of configuring dozens of individual MCP servers, teams route all tool calls through one endpoint that handles dynamic tool loading, compressed tool output, and access controls. It also renders full UI components inside ChatGPT and Claude through the MCP Apps standard, so tool responses aren't limited to plain text. For teams running 19 real-world tool implementations, a gateway approach eliminates the configuration sprawl that developers consistently complain about.
Development Tools
Browser-tools MCP (1,000+ monthly searches) gives AI coding assistants access to browser DevTools data like console logs, network requests, and DOM snapshots. Filesystem MCP provides file read/write capabilities. Git MCP connects to repositories for commit history, diffs, and branch management. These are the top servers ranked by tool capabilities for coding workflows.
Data and Database Tools
Servers for PostgreSQL, SQLite, and MongoDB let LLMs query databases directly. Supabase MCP tools expose both database and auth functionality. These tools benefit the most from clear descriptions because SQL generation requires precise parameter documentation.
API Connectors and Monitoring
Zapier's MCP server connects to 6,000+ apps. New Relic's MCP tool reference provides observability tools for metrics analysis. Linear and Atlassian MCP tools connect project management workflows to AI agents.
You can browse 251+ servers by tool type to find tools for your specific stack, or check the 100+ verified official servers in the community directory.
Managing MCP Tools at Scale
The gap between "MCP tools work on my laptop" and "MCP tools work for my team" is where most production deployments stall. We analyzed discussions from engineering teams managing 10+ MCP servers, and three operational challenges dominate.
Secrets and Configuration Management
Teams can't commit .mcp.json files because they contain API tokens. Managing 10+ environment variables across team members requires full application restarts on every change. One engineering lead described the problem as an "implicit dependency graph" where required MCP servers and their auth requirements "live in peoples heads" instead of being declared anywhere.
The deeper issue is that MCP has no concept of a project-level manifest. There's no package.json equivalent that declares "this project needs these 5 MCP servers with these auth requirements." Every team member configures servers manually, and onboarding is a copy-paste ritual that breaks when config paths change.
Security and Access Controls
Developers report API keys "showing up in the context window" and worry about data leakage. Others warn about prompt injection risks from compromised MCP servers. One developer stopped installing community servers entirely after examining what was hidden in SKILL.md files: non-binary payloads designed to manipulate agent behavior.
Production deployments need gateways that manage tool access, rate limiting, and audit trails. A gateway approach lets you enforce allowlists, redact secrets before they reach the model, and log every tool call for compliance. You can also aggregate tools from multiple servers into a single managed endpoint instead of exposing raw server connections to the LLM.
Cross-Client Compatibility
A tool that works in Claude Desktop may break in Cursor, VS Code Copilot, or ChatGPT. The root cause is inconsistent JSON Schema validation across clients. Optional fields, $ref combinations, and enum handling all vary. Desktop updates can silently change config lookup paths, breaking custom MCP servers overnight. One developer recommended "pinning config to your project's .claude/settings.json" to survive these changes.
The fix is testing across clients before shipping and sticking to the simplest JSON Schema constructs: flat objects, explicit types, no $ref, no oneOf. If your tool works with the strictest validator, it'll work everywhere.
The Bottom Line
MCP tools give AI agents the ability to act, not just talk. But the gap between a working demo and a reliable production deployment is wider than most teams expect. Tool descriptions are the make-or-break factor for LLM accuracy. Context bloat from tool schemas and outputs is the primary cost driver. And managing secrets, config, and cross-client compatibility becomes operational overhead that scales with every new tool you add.
The pattern that works: write specific descriptions, keep schemas minimal, compress outputs, and route everything through a gateway that handles loading, security, and observability. Apigene provides that gateway layer, connecting any API or MCP server to AI agents through a single endpoint with dynamic tool loading, compressed outputs, and UI rendering inside the chat. If you're building agent products that need reliable tool integrations without the infrastructure tax, explore Apigene's MCP Gateway.
Stop Building MCP Integrations From Scratch.
- Any API, one line of code — connect to ChatGPT, Claude, and Cursor without writing custom MCP servers
- Visual UI in the chat — render interactive components, not just text dumps. Charts, forms, dashboards.
- 70% fewer tokens — dynamic tool loading and output compression so your agents stay fast and cheap
Frequently Asked Questions
What is the difference between MCP tools and resources?
When comparing mcp resources vs tools vs prompts, the core distinction is control and side effects. MCP tools are model-controlled functions that execute actions and produce side effects, like creating a file or querying a database. Resources are client-controlled, read-only data sources that provide context without executing anything. The practical difference: tools run when the LLM decides they're needed, while resources load when the user or application explicitly requests them. Use tools for actions (write, create, send) and resources for reference data (schemas, documentation, configuration). Mixing them up wastes tokens because tools add decision overhead to the model even when simple data retrieval would suffice.
What is the difference between MCP and a traditional API?
APIs are designed for application-to-application communication with fixed endpoints and structured requests. MCP is designed for LLM-to-service communication, where the model dynamically discovers available tools, reads their descriptions to understand capabilities, and decides which to call based on the user's intent. The key difference is discovery: APIs require hardcoded integration, while MCP tools are self-describing and the model interprets them at runtime. MCP also standardizes how tools report errors, handle pagination, and declare side effects, so clients can build consistent UX across any server.
What are the most popular MCP tools in 2026?
Based on search volume and community usage, the most popular categories are development tools (browser-tools MCP at 1,000+ monthly searches, filesystem, Git), database connectors (PostgreSQL, Supabase, SQLite), and API aggregators (Zapier with 6,000+ integrations). MCP gateways like Apigene are gaining adoption for teams that need to manage multiple tools from a single endpoint with dynamic loading and output compression. The browser-tools MCP server stands out because it gives AI coding assistants access to real-time browser data that's otherwise invisible to the model.
How do I fix MCP tool output eating my context window?
Tool output bloat is the #1 hidden cost in MCP workflows. Developers report single tool calls dumping raw HTML, base64 images, or full JSON payloads into context, consuming thousands of tokens per call. Three fixes work: first, implement output truncation at the server level so responses stay under a token threshold. Second, use artifact-based patterns where the server stores large outputs externally and returns a reference ID the model can selectively retrieve. Third, route tools through a gateway that applies compression policies per tool. Community proxies report 90% token reduction using these approaches.
What should an MCP tool description include for best results?
An effective MCP tool description has three parts: a specific action statement ("Retrieves the 10 most recent commits from a GitHub repository branch"), parameter constraints ("requires valid owner and repo name, optional branch defaults to main"), and output format ("returns JSON array with SHA, message, author, timestamp sorted by date descending"). Avoid generic descriptions like "gets data" or "performs search." Include annotations like readOnlyHint and destructiveHint so clients can apply safety policies. Testing shows that tools with complete descriptions have 3-4x fewer failed invocations compared to tools with one-line descriptions.
Can MCP tools work across Claude, Cursor, and ChatGPT?
Yes, but with caveats. MCP is a protocol standard, so tools built to spec should work on any compatible client. In practice, JSON Schema validation differences cause tools to break across clients. Optional fields and $ref combinations that pass in Claude Desktop can hard-fail in Cursor or VS Code Copilot. The safest approach: use flat JSON Schema objects with explicit types, avoid $ref and oneOf, test across at least two clients before shipping, and stick to 3-4 parameters maximum. ChatGPT added MCP support in 2025, but its validation behavior differs from Claude's, so cross-client testing remains essential.