MCP Skills

External Tool Access Under a Bounded Contract

When a capability already exists behind an MCP server, it is often unnecessary to rewrite that capability as an internal skill. What is needed instead is a controlled way to expose that external tool surface to the skill system, so the request remains bounded by an explicit descriptor, an allowlist, and a planning path that can be inspected afterward.

MCP Skills address this need by treating MCP tools as a constrained external execution surface. The skill does not become the tool itself. It becomes the local planning and filtering layer through which MCP tools are selected, restricted, and optionally called. This keeps interoperability aligned with the same skill-oriented architecture used elsewhere in the library.

In this family, the architectural value lies less in one complex local transformation and more in disciplined tool mediation. The descriptor establishes which tools are admissible and how planning should proceed. The subsystem then either derives a plan from a Plan SOPlang script or asks the LLM to produce a short plan from the allowed tools. In both cases, the execution surface remains narrower than direct tool exposure.

How the Subsystem Works in Practice

An MCP Skill is discovered through mskill.md. During preparation, the subsystem records the planning instructions, normalizes the allowlisted tool names, and optionally stores a script section. If a script is present, the runtime uses the script path. If no script is present, the runtime uses the LLM planning path. The authoring consequences of these two forms are described in Authoring.

The second practical distinction is between planning and execution. The subsystem can always return a plan. Actual MCP tool execution is optional and happens only when the runtime is configured with MCP client access. In that case, each planned step is sent to the MCP server through the client wrapper. The plan-generation path, the execution path, and the exact return structure are described in Runtime.