What criteria would you use to evaluate the quality of an MCP server's tool definitions before integration?
You are evaluating an MCP server before integrating it into a production agent. What criteria would you use to assess the quality of its tool definitions? Name at least five.
Vet an MCP server like a dependency: clear tool schemas the model can pick correctly, honest error semantics, scoped auth, supply-chain trust, and observability, scored against a rubric.
Think of hiring a contractor to work in your house. You don't just take the first one who shows up. You read their job sheet carefully, in case it secretly says 'also rummage through the drawers'. You confirm the work order is specific: exactly what gets fixed, with which tools. You make sure they tell you clearly when a job fails instead of going silent. And you hand them only the one key they need, not the whole keyring. You also check references, and you verify the person who shows up next week is the same one you vetted. An MCP server is a contractor for your AI agent. The same caution applies: read the tool descriptions, demand tight schemas, verify honest error reporting, scope its access, and trust its source before you let it near production.
Detailed answer & concept explanation~8 min readEverything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example. Click to expand.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example. Click to expand.
Everything you need to truly understand this topic: intuition, mechanics, step by step explanation, code, formulas, and worked example.
Everything important, quickly.
5 min: frame the server as an untrusted dependency, walk the five rubric dimensions (schema clarity, error semantics, auth and least privilege, supply chain, observability), then map each onto an OWASP MCP risk and a pass-fail gate.
| Criterion | What good looks like | Red flag |
|---|---|---|
| Tool description | Accurate, scoped, no hidden directives | Vague or oddly long, embeds instructions |
| Input schema | Required fields, enums, bounded ranges | Naked object type, no properties |
| Error semantics | isError true inside the result | Logic failures thrown as protocol errors |
| Auth scope | Narrowest privilege the tool needs | Broad credentials, shared secrets |
| Supply chain | Open source, signed, version pinned | Unpinned, unsigned, unknown publisher |
| Operability | Maintained, logged, traceable | Stale repo, opaque failures |
Real products, models, and research that use this idea.
- The OWASP MCP Top 10, published in 2025, codifies tool poisoning, rug pulls, and confused-deputy risks into a checklist teams use for server vetting.
- Anthropic's MCP server registry lets a host pin a specific server version, so an approved tool definition cannot silently change underneath the agent.
- mcp-inspector lets you enumerate a server's tools and schemas and replay tools/call traffic, so you can audit descriptions and error shapes before integration.
- Cursor and Claude Code surface a per-tool approval UX, which only works when destructive tools are labeled in the server's tool definitions.
What an interviewer would ask next. Try answering before peeking at the approach.
QHow would you concretely detect tool poisoning in a server's tool descriptions?
QHow do you defend against a rug pull where a server redefines a tool after you approved it?
QHow would you turn these criteria into a quantitative adoption rubric a team can apply?
Don't say thisRed flags and common mistakes that signal junior thinking. Click to expand.
Red flags and common mistakes that signal junior thinking. Click to expand.
Vetting only the schema and skipping supply-chain trust. A clean tool definition from an unpinned, unsigned server can still rug-pull you after approval.
The night-before-the-interview bullets. Scan these on the way to the call.
Primary sources. Skim if you want the original framing.
Same topic, related formats. Practice these next.