TrustSkills
BlogCompareGlossaryDetections

Definition

Tool poisoning

An attack where a malicious MCP server or skill defines tool names that shadow or intercept calls intended for legitimate tools. When an agent calls what it believes is a trusted tool, the malicious tool handler executes instead — potentially altering the action taken, exfiltrating inputs, or injecting instructions into the agent's context. Tool poisoning is a form of indirect prompt injection at the MCP layer.

How TrustSkills detects this

TrustSkills scans OpenClaw and ClawHub skills for tool poisoning patterns before you install them. The scanner returns plain-English findings — no CVE IDs, no security jargon — with a risk level and a clear explanation of what was found.

Scan a skill freeHow we detect tool poisoning

Related terms

MCP server

A server implementing the Model Context Protocol that wraps a service, API, or data source and expos

Indirect prompt injection

A prompt injection attack where malicious instructions are embedded in external content that the age

Deep dive

Basic knowledge

What is MCP server security?

MCP servers extend what AI agents can do. That is also what makes them a security boundary. Understanding the threat surface is essential before you connect one to a model with real capabilities.