[quietbuilder]

Dynamic tool registration matters more than it sounds. I've hit the context limit multiple times just from MCP servers loading 50+ tools at startup, most of which the agent never touches.

The Trello example is fine but I keep coming back to the security piece. If agents can spin up tools with credentials baked in, what's stopping a tool from dumping those credentials through its output? "Encrypted at rest" handles storage, sure. But at runtime those credentials are sitting in memory and passing through the response chain. Nobody seems to talk about that part.

Other thing — do dynamically created tools survive a restart? Or am I recreating them every session?