02 concepts

Tools, skills & MCP

Every capability an agent has comes from one of three sources. Tools ship in the box. Skills are packaged extensions you install. MCP servers are external tool providers connected over an open protocol. This page tells you which is which and when to reach for each.

The three sources

Tools are the built-in capabilities. They ship with Exolvra and are always available — you just check a box on the agent edit page to grant an agent access to one. Web search, file system access, shell execution, the data store, the task board, memory, sending email — these are all built-in tools. They’re the foundation; most agents only need these.

Skills are packaged extensions you install. A skill is a bundle of code, configuration, and (optionally) data that adds a new capability to an agent. You install skills once, review them for safety, and then grant per-agent access. Think of skills as “tools plus a little more” — they can do things built-in tools can’t, but you’re responsible for trusting what you install.

MCP servers are external tool providers connected over the Model Context Protocol — an open standard. Anyone can write an MCP server, publish it, and any MCP-aware platform (including Exolvra) can connect to it. Exolvra ships with a curated catalogue of community MCP servers you can install with a click. MCP is how you get agents talking to your database, your CRM, your internal APIs, or any SaaS that has an MCP endpoint.

All three layer cleanly. An agent can use built-in tools and skills and MCP servers in the same session — they appear in the agent’s tool set as a unified list, and the agent doesn’t know (or care) which category a given capability came from.

Built-in tools

The built-in tool set is the floor. Every Exolvra instance has them; every agent can be granted any subset. They include:

web_search and web_fetch — for research and information gathering
file_system — read, write, edit files in the agent’s workspace
shell — execute shell commands (sandboxed or unsandboxed depending on session type)
data_store — save structured, versioned data organised by project
task_board — create and update tasks the agent is working through
memory — save, search, and retrieve memories
send_email — transactional email (when a provider is configured)
project — create projects, goals, and issues; update assignees
sessions_send, sessions_notify, sessions_broadcast — inter-agent communication
web_fetch, screen_capture, pdf, image_generation, speech_to_text, text_to_speech — various media operations

Plus a few dozen more. The full catalogue is visible in the agent editor when you’re picking tools to grant.

Use built-in tools when you can. They’re the best-maintained, the safest, and the most integrated. If a built-in covers your need, don’t reach for a skill or an MCP server.

Skills

A skill is a bundle you install into Exolvra to add a capability that isn’t built in. Skills are hosted in a file tree under your data directory, and each one contains a manifest describing what it does and what permissions it needs.

Skills fall into two categories:

Bundled skills — ship with Exolvra and are immediately available
User-installed skills — you add them yourself, either from a local file or (in the future) from a community marketplace

User-installed skills pass through an approval flow before any agent can use them. An admin reviews the skill, decides it’s safe, and explicitly approves it. Until then, the skill is loaded but disabled. This is the safety net against installing something you don’t fully trust.

Per-agent access control layers on top: even after a skill is approved system-wide, you can decide which agents are allowed to use it. The Data Analyst can have a plotting skill that the Code Assistant doesn’t see.

Use skills when you need a capability that isn’t built in, is too specific or stateful for MCP, and you want the skill’s code running inside your own Exolvra process.

MCP servers

MCP — the Model Context Protocol — is an open standard for connecting AI agents to external tool providers. An MCP server is a small program that exposes one or more tools over a standard interface. Exolvra is an MCP client — it connects to MCP servers and makes their tools available to agents.

The big unlock is the community. There are already hundreds of MCP servers covering:

Databases — Postgres, MySQL, SQLite, MongoDB, Redis
SaaS — Linear, Notion, Asana, Jira, Slack, GitHub, GitLab, Stripe, Intercom
Cloud — AWS, GCP, Cloudflare, Vercel, Datadog, Sentry
Search — Brave, Exa, Tavily, Perplexity
Custom — anything you build yourself

Exolvra ships with a curated MCP Library — a catalogue of ~35 community servers vetted for quality and kept current. Install any of them from the dashboard with one click, provide credentials, and they become available as tools agents can call.

MCP servers come in two transport flavours:

Stdio — Exolvra spawns the server as a subprocess on the host machine. Needs a local runtime (Node.js or Python typically). Covers most community servers.
HTTP / SSE — Exolvra connects to a hosted endpoint over the network. No local runtime required. Covers all the cloud-hosted MCPs (Zapier, Pipedream, Cloudflare, etc.).

Stdio MCPs run on your host and can read your files if you let them. HTTP MCPs run on someone else’s server and only see what you send them.

Use MCP when you need a capability that’s already available as a community server — integrating with a specific SaaS, a specific database, a specific cloud provider. Don’t write a custom skill when a battle-tested MCP server does the same job.

How to choose

The simple decision tree:

Can you do it with a built-in tool? → Use the built-in tool.
Does a community MCP server already do it? → Install the MCP server.
Is it specific to your deployment and not worth making public? → Write a skill.
Does it need to run on a machine Exolvra can’t reach? → Wrap it as an HTTP MCP server.

Most real Exolvra deployments end up with 90% of their capability from built-in tools, 5-10% from a handful of installed MCP servers (databases, one or two SaaS integrations), and occasionally a custom skill or two.

Access control

All three categories share the same access control model: per-agent grants. A capability existing in the platform doesn’t mean every agent can use it. You grant access explicitly on the agent edit page, and the platform enforces the grant on every tool call.

This matters because agents can and will try to use any tool they think would help. If you haven’t granted shell to the research agent, the research agent can’t run shell commands, even if it decides it wants to. Defense in depth.

Cloud mode (enabled from Config → Budget & Security) applies an additional override: in cloud mode, the filesystem, shell, and browser tools are unreachable from any agent, regardless of individual grants. This is the multi-tenant safety posture — use it when you’re hosting Exolvra for people whose trust boundary is narrower than your own.

Where to go next

Skills — browse and manage installed skills
MCP Library — the curated catalogue of community servers
MCP setup — install the Node / Python runtimes stdio MCPs need
Agents & chatbots — where tool grants live
Admin → Security — cloud mode and capability hardening