96.8% of MCP Tool Descriptions Don't Warn the Agent About Destructive Behaviour

The Model Context Protocol (MCP) has become increasingly important for extending local LLM capabilities with tool access, but this research reveals a significant safety gap. With nearly 97% of MCP tool descriptions lacking explicit destructive behavior warnings, locally-deployed agents could perform unintended harmful actions without appropriate guardrails.

For practitioners building local LLM agents—whether for automation, document processing, or system administration—this finding demands immediate attention. When you expose file system access, database connections, or external API calls to an LLM via MCP, the tool descriptions become the primary defense mechanism preventing misuse. Without explicit warnings about destructive capabilities, even well-intentioned models can cause unintended damage through straightforward prompt manipulation or hallucination.

This research emphasizes the need for careful tool design and comprehensive testing when deploying agents on self-hosted infrastructure. The full safety analysis provides valuable benchmarks and recommendations for hardening your local agent deployments, especially in sensitive environments where model actions have real consequences.

Source: Hacker News · Relevance: 7/10