Skills & Tools
Tools are the actions an agent can take. Moneypenny supports multiple tool sources and makes them all available through a single registry with unified policy, audit, and discovery.
Because Moneypenny exposes its full API through MCP, you can manage tools and skills conversationally from any MCP-compatible client (Claude Desktop, Cursor, etc.) or through the CLI.
Tool Sources
| Source | Description | Examples |
|---|---|---|
| Built-in | Compiled into the binary | file_read, file_write, shell_exec |
| Runtime | Operate on the agent’s own database | memory_search, fact_add, job_create |
| MCP | Discovered from external MCP servers | Any MCP-registered tool |
| JS | User-defined JavaScript in QuickJS sandbox | Custom tools created at runtime |
Tool Execution Lifecycle
Every tool call follows the same pipeline:
Tool call requested → Policy check (allow / deny / audit) → Pre-hooks (argument transformation or abort) → Dispatch (runtime → MCP → JS → builtin) → Post-hooks (output transformation) → Secret redaction → Audit log write → Result returned to agentRuntime Tools
These tools let the agent operate on its own state:
| Tool | Purpose |
|---|---|
memory_search | Search across all memory stores |
fact_add | Store a new long-term fact |
fact_update | Update an existing fact |
fact_list | List active facts |
scratch_set / scratch_get | Session-scoped working memory |
knowledge_ingest | Ingest a document |
knowledge_list | List ingested documents |
job_create | Create a scheduled job |
job_list / job_pause / job_resume | Manage jobs |
policy_list | List active policies |
audit_query | Search the audit trail |
web_search | Search the public web |
MCP Tools
If MCP servers are configured, tools are discovered automatically at startup:
[[agents.mcp_servers]]name = "github"command = "npx"args = ["-y", "@modelcontextprotocol/server-github"]Discovered tools appear in the agent’s tool list alongside built-in tools.
JS Tools (Agent-Created)
Agents can create their own tools at runtime using JavaScript:
echo '{"op":"js.tool.add","args":{ "name":"celsius_to_fahrenheit", "description":"Convert Celsius to Fahrenheit", "source":"function run(args) { return String(args.celsius * 9/5 + 32) + \" °F\"; }", "parameters_schema":"{\"celsius\":\"number\"}"}}' | mp sidecarAsk your MCP-connected agent:
Create a tool called celsius_to_fahrenheit that converts Celsius to Fahrenheit
JS tools:
- Execute in a QuickJS sandbox (not Node.js)
- Are policy-gated and audited like any other tool
- Persist in the agent’s database
- Survive restarts
- Sync across agents via CRDT
Managing JS Tools
echo '{"op":"js.tool.list","args":{}}' | mp sidecarecho '{"op":"js.tool.delete","args":{"name":"celsius_to_fahrenheit"}}' | mp sidecarAsk your MCP-connected agent:
List my custom tools
Delete the celsius_to_fahrenheit tool
Skills
Skills are reusable procedures stored in the agent’s database. They surface in retrieval when the agent encounters a relevant query:
echo '{"op":"skill.add","args":{ "name":"incident-triage", "description":"Triage production incidents", "content":"1) Check dashboards. 2) Escalate: on-call → lead → VP. ..."}}' | mp sidecarAsk your MCP-connected agent:
Add a skill for incident triage: 1) Check dashboards, 2) Escalate: on-call → lead → VP
mp skill listAsk your MCP-connected agent:
Show me all skills
Skills track usage and success. High-performing skills surface more prominently in context assembly.
Tool Governance
Every tool call is subject to policy. Common patterns:
# Block shell access entirelymp policy add --name "no-shell" --effect deny --action "call" --resource "shell_exec"
# Audit all web searchesmp policy add --name "audit-web" --effect audit --action "call" --resource "web_search"
# Allow only read-only tools for low-trust agentsmp policy add --name "read-only" --effect deny --actor "intern-bot" --action "call" --resource "file_write"Ask your MCP-connected agent:
Block shell access
Audit all web searches
Deny file_write for intern-bot