MCP Capabilities
About 5 minutes
MCP Capabilities
Section titled “MCP Capabilities”MCP servers can provide three primary capability types to clients: Tools, Resources, and Prompts. The official MCP documentation describes Tools as executable functions, Resources as context data, and Prompts as reusable templates.[1]
Overview of the Three Capability Types
Section titled “Overview of the Three Capability Types”| Type | Controller | Side Effects | Primary Use |
|---|---|---|---|
| Tools | AI model (autonomous) | Yes | Executing operations, calling external APIs |
| Resources | Application (Host) | No | Providing read-only data |
| Prompts | User / Developer | No | Managing prompt templates |
Tools are functions that AI applications can invoke to perform actions such as file operations, API calls, and database queries.[2]
Characteristics of Tools
Section titled “Characteristics of Tools”- The AI model decides autonomously to call them (model-driven)
- Perform processing or computation with effects and side effects
- A mechanism to request user permission before execution is recommended
How Tools Work: A Weather Retrieval Example
Section titled “How Tools Work: A Weather Retrieval Example”When a user asks “What is the weather in Tokyo?”, the following flow occurs:
- The LLM determines that it needs to call the
get_weathertool to look up the weather - The MCP client sends
get_weather(location="Tokyo")to the server - The server calls the weather API and returns the result as JSON
- The LLM generates the answer “Tokyo is 18°C and sunny” based on the result
// Example tool call request
{
"name": "get_weather",
"arguments": {
"location": "Tokyo"
}
}
// Example server response
{
"temperature": 18,
"condition": "sunny",
"humidity": 55
}Tool Security
Section titled “Tool Security”Tools may involve operations that act on the outside world, such as writing files, sending emails, or making API requests. Because MCP treats Tools as executable functions for actions, Hosts should add user confirmation for irreversible or high-risk operations.[2]
Examples of operations requiring user permission
- Creating, updating, or deleting files
- Sending emails or messages
- Sending data to external APIs
- Writing to a database
Resources
Section titled “Resources”Resources are data sources that provide contextual information to AI applications.[3] They are a good fit for read-oriented information such as files, database records, and API responses.
Characteristics of Resources
Section titled “Characteristics of Resources”- Controlled by the application (Host) — the AI model does not access them autonomously
- Provide read-only data (no side effects)
- Identified by URI (
file://,https://,db://, etc.)[3] - High safety from a privacy standpoint
How Resources Work: Reading a File
Section titled “How Resources Work: Reading a File”URI example: file:///Users/user/documents/report.pdf
// Resource metadata
{
"uri": "file:///Users/user/documents/report.pdf",
"name": "Quarterly Report",
"mimeType": "application/pdf"
}When the Host application determines that “the content of this file should be included in the context,” it adds the Resource to the AI model’s context.
Differences Between Tools and Resources
Section titled “Differences Between Tools and Resources”| Comparison | Tools | Resources |
|---|---|---|
| Controller | AI model (autonomous) | Application (Host) |
| Side effects | Yes (writing, sending, etc.) | No (read-only) |
| Security | User permission recommended | Relatively safe |
| Execution timing | When the LLM determines it is needed | When the Host determines it is needed |
Prompts
Section titled “Prompts”Prompts are reusable prompt templates or conversation flows managed by an MCP server.[4] They allow standardized instructions and conversation patterns to guide AI behavior, all managed centrally on the server side.
Characteristics of Prompts
Section titled “Characteristics of Prompts”- Controlled by the user or developer — the AI model does not select them autonomously
- Managed server-side, so they can be updated without changing the client app
- Can accept arguments (parameters) to generate dynamic prompts
- Enable standardization of reusable prompt patterns
How Prompts Work: A Code Review Template
Section titled “How Prompts Work: A Code Review Template”// Example prompt definition
{
"name": "code_review",
"description": "Prompt template for code review",
"arguments": [
{
"name": "language",
"description": "Programming language",
"required": true
},
{
"name": "focus",
"description": "Review focus (security/performance/readability)",
"required": false
}
]
}When a user selects the code_review template and specifies language=Python, the server generates a concrete prompt that reflects those parameters and returns it to the client.
Benefits of Prompts
Section titled “Benefits of Prompts”Managing Prompts on the server side provides the following benefits:
- Centralized management: Prompt improvements are made server-side; clients automatically use the latest version
- Reusability: The same prompt templates can be shared across a team
- Version control: The history of prompt changes can be managed on the server
Choosing Between the Three Types
Section titled “Choosing Between the Three Types”Here is a decision guide for selecting the appropriate type:
graph TD
A[What capability to provide?] --> B{Side effects?}
B -->|Yes\ne.g., file write, API send| C[Tools]
B -->|No| D{Is it AI-driven\nautonomously?}
D -->|Yes| E[Tools\n※ Even without side effects,\nif model-driven use Tools]
D -->|No| F{Data or prompt?}
F -->|Data provision| G[Resources]
F -->|Prompt\ntemplate| H[Prompts]Selection Examples by Scenario
Section titled “Selection Examples by Scenario”| Scenario | Appropriate Type | Reason |
|---|---|---|
| Fetching weather information | Tools | AI calls autonomously, accesses external API |
| Reading a document file | Resources | Read-only, controlled by Host |
| Code review prompt | Prompts | Reusable template, selected by user |
| Sending an email | Tools | Has side effects, requires user permission |
| Reading from a database | Resources | No side effects, data retrieval only |
| Project-specific instructions | Prompts | Standardized flow defined by dev team |
Summary
Section titled “Summary”- Tools: “Execution functions” the AI model calls autonomously. Side effects require careful security management.
- Resources: Read-only data provision. Controlled by the Host with no side effects, providing high safety.
- Prompts: Prompt templates managed on the server side. Can be updated without changing the client.
Frequently Asked Questions
Section titled “Frequently Asked Questions”Q: Are Tools and Function Calling the same thing?
A: The concepts are similar but distinct. Function Calling is a model-provider feature. Tools are an MCP protocol concept: MCP servers expose them, and MCP clients discover and invoke them.[2]
Q: What is the difference between Resources and RAG (Retrieval-Augmented Generation)?
A: RAG (Retrieval-Augmented Generation) is a technique for searching external documents and adding them to the AI’s context. Resources can be used as one mechanism for implementing RAG, but Resources are not limited to RAG. In MCP, Resources can provide context data such as file contents, database records, and API responses.[1]
Q: Can a single MCP server provide all three types — Tools, Resources, and Prompts?
A: Yes. A single MCP server can expose Tools, Resources, and Prompts together. The official architecture guide gives an example where one database-oriented server exposes a query Tool, a schema Resource, and a Prompt that helps interact with those tools.[1]
Related Links
Section titled “Related Links”- MCP Architecture — Host, Client, and Server roles
References
Section titled “References”- Model Context Protocol, Architecture overview
- Model Context Protocol, Tools
- Model Context Protocol, Resources
- Model Context Protocol, Prompts