Tutorials Logic, IN info@tutorialslogic.com
FAQs Support

Tools, Resources & Prompts: Choosing the Right MCP Capability

Tools, Resources & Prompts

MCP servers expose three main capability shapes: tools for actions, resources for readable context, and prompts for reusable model interaction templates. Choosing the wrong type causes confusion, weakens security review, and makes host behavior harder to predict.

This page is the primary home for the distinction itself. Later pages go deeper on each capability in isolation.

Mental Model

If the host needs the server to do something, it is a tool. If the host needs something to read, it is a resource. If the host or user needs a reusable interaction pattern, it is a prompt.

Capability Comparison

Capability Primary Use Side Effects Typical Caller
Tool Perform an action or computation Possible Model or host
Resource Read context or content Should not Host or user flow
Prompt Provide reusable message templates No direct side effect User or host UI

Tools

Tools are the action surface of an MCP server. They search, create, update, analyze, summarize, or trigger some backend operation. Because a tool may cause cost, latency, or state change, tools demand the strongest validation and authorization discipline.

Good tool design is narrow. Instead of one do_anything tool, design discrete tools whose names reveal intent and whose schemas describe exactly what inputs are expected.

  • Examples: search_docs, create_ticket, calculate_diff, run_report
  • Tools can be read-only, but they are still actions because the server performs work on request
  • Tool outputs should be structured enough for hosts to reason about them

Resources

Resources are for reading known content through stable URIs. They are ideal for files, runbooks, generated reports, policy pages, records, and other reference data that a host may include in model context or display to a user.

A resource should feel like something a host can fetch intentionally. It is not a general search command and it should not produce hidden side effects.

  • Examples: policy://security/passwords, repo://frontend/package-json, report://billing/daily/2026-06-09
  • Resources support metadata such as MIME type and size
  • Templates allow dynamic families of resources without hardcoding every URI

Prompts

Prompts are reusable interaction templates exposed by the server. They are especially useful when domain experts want to standardize how a host frames a task, such as reviewing a deployment diff or summarizing a policy for a given audience.

Prompts should never be mistaken for authorization. They improve consistency, but they do not grant permission and they do not replace server-side checks.

  • Examples: review_incident_timeline, summarize_policy_for_hr, explain_diff_to_manager
  • Prompt arguments make templates reusable rather than copy-pasted
  • Prompts are often user-selected or host-selected, depending on UX design

How the Three Work Together

A strong server often uses all three. A docs server may expose search_docs as a tool, policy:// URIs as resources, and summarize_policy_for_employee as a prompt. Each capability type handles a different stage of the user task.

The protocol works best when those roles stay separate. Searching is not the same as reading, and reading is not the same as templating a model interaction.

One Domain Modeled Three Ways

One Domain Modeled Three Ways 
Tool:
  search_policies(query, limit)

Resource:
  policy://security/password-rotation

Prompt:
  summarize_policy_for_employee(policy_uri, employee_role)
  • The tool finds candidate content.
  • The resource represents stable readable content.
  • The prompt packages a reusable explanation workflow.

Choose the Capability by User Intent

The easiest way to choose between tools, resources, and prompts is to start with the user intent. If the user needs the model to perform or request an operation, use a tool. If the user needs approved context, use a resource. If the user needs a reusable language workflow, use a prompt. The categories overlap in product experience, but they should stay distinct in server design.

Do not mirror your backend API blindly. A backend may have twenty endpoints for tickets, but the MCP server might expose one search resource, one read resource, one create-draft tool, and one update-status tool. The MCP surface should be shaped for safe model use, not for internal service convenience.

A strong capability surface is small, legible, and intentionally redundant only where risk differs. For example, split `draft_email` from `send_email` because approval, audit, and failure handling are different. Split `search_documents` from `read_confidential_document` because discovery and read authorization differ.

  • Use tools for actions and computations.
  • Use resources for context and readable objects.
  • Use prompts for reusable task framing.
  • Split capabilities when risk, authorization, or user approval differs.
  • Hide backend complexity behind model-friendly contracts.

Capability Review Questions

Before publishing a capability, review it from three viewpoints: the model, the user, and the operator. The model needs a clear name, description, schema, and output shape. The user needs to understand consequences and trust boundaries. The operator needs logs, metrics, error classes, and rollback controls.

If a capability fails one viewpoint, redesign it before shipping. A tool that is easy for the model but impossible for users to approve safely is not production-ready. A resource that is convenient for the model but impossible to audit will become a compliance problem. A prompt that sounds elegant but has no test cases will drift over time.

  • Can the model infer when to use it from the description alone?
  • Can the user understand the action and consequence?
  • Can the server validate every input deterministically?
  • Can operators trace success, denial, timeout, and backend failure?
  • Can the capability be disabled without taking down the whole server?

The Capability Choice Decision Tree

Choosing between tools, resources, and prompts becomes easier when you ask who controls the capability. If the model may request an operation, design a tool. If the host attaches approved context, design a resource. If the user invokes a reusable task template, design a prompt. The same product feature may involve all three, but each should keep its role clear.

For example, a database assistant might expose a schema as a resource, a query-planning prompt as a prompt, and a read-only query executor as a tool. The resource gives context, the prompt guides interaction, and the tool performs the bounded operation. Blurring those roles creates confusing security and UX.

The most common mistake is turning backend endpoints directly into tools. Backend APIs are built for services, not for model planning. MCP capabilities should be shaped for model use: clear names, narrow inputs, bounded outputs, and explicit descriptions of when to use or not use them.

Review every capability by asking what the model sees, what the user understands, what the server validates, and what operators can audit. If one of those views is weak, the capability needs redesign before production.

  • Use control ownership to choose tool, resource, or prompt.
  • Combine capability types intentionally for complete workflows.
  • Do not mirror backend APIs blindly.
  • Review every capability from model, user, server, and operator perspectives.

Expert Practice Lab

Take one backend feature and design it three ways: as a tool, as a resource, and as a prompt. Then choose the correct MCP primitive by asking who should control it and what risk it carries.

This comparison prevents common design mistakes. If it changes state, it is probably a tool. If it supplies context, it is probably a resource. If it packages a repeatable user workflow, it is probably a prompt. Some product flows need all three working together.

  • Choose primitives by control and side effect.
  • Avoid backend endpoint mirroring.
  • Combine primitives only when each has a clear role.

Capability Selection Example

The same domain can expose different MCP primitives for different interaction semantics.

Capability Selection Example 
{
  "tool": "search_policies(query)",
  "resource": "policy://security/password-rotation",
  "prompt": "explain_policy_for_role(policy_uri, role)"
}
  • Search is computed from arguments, so it is a tool.
  • The policy has a stable identity, so it is a resource.
  • The reusable explanation workflow is a prompt.
Key Takeaways
  • Use tools for actions, resources for reads, prompts for reusable message templates.
  • Keep the capability type aligned with the real runtime behavior.
  • Do not bury side effects inside something named like a resource.
  • Do not use prompts as a substitute for validation or auth.
Common Mistakes to Avoid
Calling a write action a resource because it sounds safer.
Creating one giant tool instead of a few narrow ones.
Returning large data dumps from a tool when a resource link or resource URI would be cleaner.

Practice Tasks

  • Take ten assistant features and classify each as a tool, resource, or prompt.
  • Redesign one broad tool into a combination of tool plus resource.
  • Write names for three prompts that would help a security operations assistant.
See Also
Hosts, Clients & Servers MCP Tools

Frequently Asked Questions

Yes. That is often preferable when the result is large and should be fetched separately instead of embedded directly.

Yes. MCP prompts can embed resource content as part of their returned messages.

Previous Next

Ready to Level Up Your Skills?

Explore 500+ free tutorials across 20+ languages and frameworks.

Browse Tutorials Contact Us