Model Context Protocol (MCP) tool annotations like readOnlyHint and destructiveHint are intended as user experience aids, not security enforcement mechanisms. Server authors define these annotations, but the protocol does not verify their accuracy, meaning a server could falsely declare a tool as read-only. While hosts can use these hints for better UX or as one signal among many for scrutiny, they must independently trust the server, as the annotations themselves are not a security layer. AI
IMPACT Clarifies the role of tool annotations in LLM interactions, impacting how developers build and secure AI-powered tools.
RANK_REASON The article explains a technical nuance of an existing protocol, clarifying its intended use and limitations.
- destructiveHint
- GitHub
- idempotentHint
- MCP
- Model Context Protocol
- OpenAI
- readOnlyHint
- Sam Morrow
- SEP-1862
- SEP-1913
- Justin Spahr-Summers
AI-generated summary · Google Gemini · from 2 sources. How we write summaries →
