
Tools to open by default?

Open emilebosch opened this issue 2 months ago • 1 comment

It seems that the tools for bash, kill etc. are the default when just using it out of the box? Doesn't that give every LLM an attack surface by default if users just copy-paste examples?

I would expect to have these tools explicitly defined. And only add them when needed. Now an unexpected dev might accidentally open things up.

'tools': ['Task', 'Bash', 'Glob', 'Grep', 'ExitPlanMode', 'Read', 'Edit', 'Write',
 'NotebookEdit', 'WebFetch', 'TodoWrite', 'WebSearch', 'BashOutput', 'KillShell', 'Skill', 
'SlashCommand', 'mcp__calc__add', 'mcp__calc__multiply']

I.e. code sample:

import asyncio

from claude_agent_sdk import (
    ClaudeAgentOptions,
    ClaudeSDKClient,
    create_sdk_mcp_server,
    tool,
)


@tool("add", "Add two numbers", {"a": float, "b": float})
async def add(args):
    return {
        "content": [{
            "type": "text",
            "text": f"Sum: {args['a'] + args['b']}"
        }]
    }


@tool("multiply", "Multiply two numbers", {"a": float, "b": float})
async def multiply(args):
    return {
        "content": [{
            "type": "text",
            "text": f"Product: {args['a'] * args['b']}"
        }]
    }


# In-process MCP server exposing only the two calculator tools.
calculator = create_sdk_mcp_server(
    name="calculator",
    version="2.0.0",
    tools=[add, multiply],
)

# Only the two MCP tools are listed in allowed_tools, yet the built-in
# tools (Bash, Write, KillShell, ...) still show up in the response below.
options = ClaudeAgentOptions(
    system_prompt="you help with calculating",
    mcp_servers={"calc": calculator},
    allowed_tools=["mcp__calc__add", "mcp__calc__multiply"],
)


async def test():
    async with ClaudeSDKClient(options=options) as client:
        await client.query("What tools do u have at your disposal?")

        async for message in client.receive_response():
            print(message)


if __name__ == "__main__":
    asyncio.run(test())

I have access to a variety of tools to help you! Here are the main categories:

## **Calculation Tools (MCP)**
- **mcp__calc__add** - Add two numbers
- **mcp__calc__multiply** - Multiply two numbers

## **File Operations**
- **Read** - Read files from the filesystem (supports text, images, PDFs, Jupyter notebooks)
- **Write** - Create or overwrite files
- **Edit** - Make precise string replacements in existing files
- **Glob** - Find files using pattern matching (e.g., "**/*.js")
- **Grep** - Search file contents using regex patterns
- **NotebookEdit** - Edit Jupyter notebook cells

## **Command Execution**
- **Bash** - Execute shell commands (git, npm, docker, etc.)
- **BashOutput** - Check output from background processes
- **KillShell** - Terminate background processes

## **Web & Research**
- **WebSearch** - Search the web for current information
- **WebFetch** - Fetch and analyze content from URLs

## **Task Management & Planning**
- **Task** - Launch specialized agents for complex multi-step tasks (exploration, planning, etc.)
- **TodoWrite** - Create and manage structured task lists
- **ExitPlanMode** - Transition from planning to implementation

## **Collaboration**
- **SlashCommand** - Execute custom slash commands
- **Skill** - Execute specialized skills

I'm particularly set up to help you with **calculations** using the calculator tools, but I can also help with coding tasks, file management, research, and much more! What would you like to do

emilebosch avatar Nov 05 '25 14:11 emilebosch

Yeah, this is quite annoying. As a workaround, you can put those in disallowed_tools to exclude tool 'descriptions' from the context.

sorryhyun avatar Nov 06 '25 00:11 sorryhyun
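Added example, not from the issue or the SDK: given the default tool list the issue prints and the MCP tools you actually intend to expose, build an explicit allow/deny policy (using the disallowed_tools workaround from the comment above) and check the tool list the agent reports back against it. DEFAULT_TOOLS is copied from the issue; the HIGH_RISK classification and the helper names are this example's own assumptions.

```python
from __future__ import annotations

# Built-in tools the issue shows as enabled out of the box (copied from the issue).
DEFAULT_TOOLS = [
    "Task", "Bash", "Glob", "Grep", "ExitPlanMode", "Read", "Edit", "Write",
    "NotebookEdit", "WebFetch", "TodoWrite", "WebSearch", "BashOutput",
    "KillShell", "Skill", "SlashCommand",
]

# Assumed classification: tools that run code, change files, spawn agents or reach the network.
HIGH_RISK = {
    "Bash", "BashOutput", "KillShell", "Write", "Edit", "NotebookEdit",
    "WebFetch", "WebSearch", "Task", "SlashCommand", "Skill",
}


def tool_policy(intended: list[str], defaults: list[str] = DEFAULT_TOOLS) -> dict:
    """Return kwargs for ClaudeAgentOptions: allow only `intended` and explicitly
    deny every built-in that is not in it. allowed_tools alone did not remove the
    built-ins from the model's context in the issue, hence the explicit denylist."""
    denied = sorted(t for t in defaults if t not in intended)
    return {"allowed_tools": list(intended), "disallowed_tools": denied}


def unexpected_tools(reported: list[str], intended: list[str]) -> list[str]:
    """Tools the agent reports having that the policy did not intend, high-risk first.
    Feed this the tool names the agent lists back; a non-empty result means the
    policy did not take effect and the run should be treated as misconfigured."""
    extra = [t for t in reported if t not in intended]
    return sorted(extra, key=lambda t: (t not in HIGH_RISK, t))


if __name__ == "__main__":
    policy = tool_policy(["mcp__calc__add", "mcp__calc__multiply"])
    # With the SDK installed:  ClaudeAgentOptions(mcp_servers={"calc": calculator}, **policy)
    # Constructed sample: the tool list the issue's agent reported back.
    reported = DEFAULT_TOOLS + ["mcp__calc__add", "mcp__calc__multiply"]
    print("denied:", policy["disallowed_tools"])
    print("unexpected:", unexpected_tools(reported, policy["allowed_tools"]))
```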