# Claude Managed Agents Tools Tools are attached to an [[Claude Managed Agents|agent]] at creation time; Claude decides when to call them during a session. Three kinds mix freely in the `tools` array: 1. **Built-in agent toolset** — the full file/shell/web kit, enabled via `agent_toolset_20260401` 2. **Custom tools** — your own tool contracts, executed client-side 3. **MCP toolsets** — third-party capabilities via [[Model Context Protocol (MCP)]] servers ## The built-in toolset One tool entry unlocks the whole kit: ```json {"type": "agent_toolset_20260401"} ``` | Tool | Purpose | |---|---| | `bash` | Shell commands in the container | | `read` / `write` / `edit` | File I/O with string-replace edits | | `glob` | Pattern-based file matching | | `grep` | Regex text search | | `web_fetch` | Retrieve URL content | | `web_search` | General web search | ### Disabling specific tools ```json { "type": "agent_toolset_20260401", "configs": [{"name": "web_fetch", "enabled": false}] } ``` ### Allowlist mode (everything off, enable only what you need) ```json { "type": "agent_toolset_20260401", "default_config": {"enabled": false}, "configs": [ {"name": "bash", "enabled": true}, {"name": "read", "enabled": true} ] } ``` ## Custom tools Same contract as [[Large Language Models (LLMs)|LLM]] client-executed tools in the Messages API. Claude emits a structured call; your code executes it; you reply with a `user.custom_tool_result` event. ```json { "type": "custom", "name": "get_weather", "description": "Get current weather for a location", "input_schema": { "type": "object", "properties": {"location": {"type": "string"}}, "required": ["location"] } } ``` ### Best practices - Write rich, specific descriptions (3-4+ sentences); this is the single biggest factor in tool-use quality - Consolidate related ops into one tool with an `action` parameter instead of creating many siblings - Namespace names when tools span services (`db_query`, `storage_read`) - Return only high-signal, stable fields; bloated responses waste context ## MCP toolsets Declare MCP servers on the agent by `name` + `url`; reference them via `mcp_toolset`. ```json { "mcp_servers": [ {"type": "url", "name": "github", "url": "https://api.githubcopilot.com/mcp/"} ], "tools": [ {"type": "agent_toolset_20260401"}, {"type": "mcp_toolset", "mcp_server_name": "github"} ] } ``` Auth is supplied **per session** via `vault_ids` — credentials live in vaults, not in the agent definition, so reusable agent configs never contain secrets. MCP toolsets default to `always_ask` permission policy (user confirmation per call). Only **remote MCP servers** over streamable HTTP are supported; no stdio. ## Skills Attach up to **20 skills** per session. Pre-built Anthropic skills (e.g., `xlsx`, `pdf`, `pptx`, `docx`) or custom skills authored for your organization. They load on demand via progressive disclosure, keeping the context window lean. ```json { "skills": [ {"type": "anthropic", "skill_id": "xlsx"}, {"type": "custom", "skill_id": "skill_abc123", "version": "latest"} ] } ``` See [[AI Agent Skills]] for the general pattern. ## References - Tools: https://platform.claude.com/docs/en/managed-agents/tools - MCP connector: https://platform.claude.com/docs/en/managed-agents/mcp-connector - Skills: https://platform.claude.com/docs/en/managed-agents/skills ## Related - [[Claude Managed Agents]] - [[Claude Managed Agents Events]] - [[Model Context Protocol (MCP)]] - [[AI Agent Skills]]