The Problem I Was Trying to Solve
As LLM agents take on more complex tasks, writing customized tools for each specific API call becomes unmaintainable. We needed to create a modular, secure, and standardized framework where agents can dynamically acquire and execute "skills" (such as reading a file, searching a database, or sending an HTTP request). Specifically, we wanted to implement this utilizing the new Model Context Protocol (MCP) to govern tool access and prevent malicious execution.
Tools and Setup
Our development stack was composed of:
- Claude Agent SDK to orchestrate agent planning.
- StitchMCP to register and discover active MCP servers.
- A custom Node.js MCP server configured with strict API schema validation.
```javascript
// Express-based MCP tool handler with schema enforcement
// Uses Ajv (npm "ajv") so that each tool's JSON Schema is compiled once at registration
const Ajv = require("ajv");
const ajv = new Ajv({ allErrors: true });

const registerTool = (name, schema, handler) => {
  const validate = ajv.compile(schema);
  return {
    name,
    schema,
    execute: async (args) => {
      // Validate input parameters against the schema before the handler runs
      if (!validate(args)) {
        throw new Error(`Invalid arguments for tool ${name}: ${ajv.errorsText(validate.errors)}`);
      }
      return handler(args);
    },
  };
};
```

Step-by-Step: What I Actually Did
1. MCP Server Setup: We constructed an MCP server that lists available tools and their schemas via JSON-RPC.
2. Token Authentication: We introduced JWT-based header authentication for all MCP tool invocations, so the agent must present explicit credentials for the targeted resource.
3. Trapping Prompt Injections: We implemented prompt sanitization on all text arguments passed to tools, blocking attempts to execute shell commands disguised as query parameters.
Results and Takeaways
- Modular Architecture: Adding a new tool is now as simple as deploying a new MCP server endpoint, without modifying the core agent code.
- Secure Sandbox: Prompt injection payloads within tool calls were successfully neutralized before execution.
- Use Standard Protocol: Using MCP ensures that your tools remain interoperable across different model families (OpenAI, Anthropic, Gemini).