Slim Tools
Slim Tools appears to be a hosted tool-orchestration runtime for AI agents. Instead of giving an agent a long list of separate MCP servers and API integrations, Slim Tools gives it one MCP URL plus two tools, then handles discovery and execution behind the scenes.
As checked on June 22, 2026, Slim Tools has a very sparse public documentation surface. Most of what is publicly verifiable comes from the landing page at slim.tools. Where this guide goes beyond that, I explicitly call it an inference.
1. What Slim Tools is​
The public homepage describes Slim Tools as a:
- tool orchestration runtime for AI agents
- exposed through one MCP endpoint:
https://slim.tools/mcp - presenting two model-facing tools:
discover_toolsexecute_code
The core pitch is simple:
- the agent should spend context on judgment
- not on giant tool catalogs
- not on manual tool-call loops
- not on coordinating multiple upstream systems
In other words, Slim Tools tries to move tool routing and orchestration out of the prompt and into a runtime layer.
2. What is publicly confirmed​
From the public site, Slim Tools currently claims:
- one MCP URL for agent clients such as Claude, Codex, and Cursor
- a model-facing interface centered on:
discover_toolsfor capability searchexecute_codefor sandboxed execution
- runtime handling for:
- service discovery
- branching
- batching
- filtering
- fan-out across MCP and OpenAPI services
- a sandboxed runtime
- handling of:
- OAuth
- whitelisting
- output limits
- logs
- tool-call metadata
The landing page also shows a currently indexed upstream catalog of:
- 8 upstreams
- 76 tools indexed
and visually lists integrations or OAuth connections for:
- GitHub
- Linear
- Notion
- Railway
- Stripe
- Figma
- Slack
- Cloudflare
Because those counts are dynamic, treat them as true for June 22, 2026, not as permanent product guarantees.
3. What Slim Tools is probably doing​
This section is an architectural inference from the public homepage, plus the official MCP and OpenAPI specs.
The best way to think about Slim Tools is:
- not as "yet another single MCP server"
- but as an MCP gateway and orchestration layer
- sitting between your agent client and many upstream tool providers
That matters because MCP itself is just a standard for connecting AI applications to external systems, while OpenAPI is a standard way to describe HTTP APIs so both humans and machines can understand what a service can do.
Slim Tools seems to combine those two worlds:
- upstream MCP servers
- upstream OpenAPI-described services
- one unified agent-facing MCP endpoint
Likely architecture​
Claude / Codex / Cursor
|
v
https://slim.tools/mcp
|
v
discover_tools + execute_code
|
v
orchestration runtime
|
+--> MCP upstreams
+--> OpenAPI services
+--> OAuth handling
+--> sandboxed execution
+--> branching / batching / fan-out
So instead of wiring:
- GitHub MCP
- Linear MCP
- Slack MCP
- a Stripe OpenAPI client
- a Railway OpenAPI client
directly into every agent setup, Slim Tools appears to sit in the middle and normalize that complexity.
4. Why this is interesting​
The biggest benefit​
Slim Tools is trying to solve a real pain point in agent systems:
- too many tools
- too much model context spent on tool descriptions
- too much brittle prompt logic around discovery and sequencing
In plain English​
Without something like Slim Tools, an agent often has to:
- know which server probably contains the right tool
- search across multiple catalogs
- decide which tool names matter
- call them in the right order
- keep a lot of tool metadata in context
Slim Tools claims to reduce that to:
- search with
discover_tools - run a composed flow with
execute_code
If it works as advertised, that is genuinely useful.
5. Best use cases​
Slim Tools looks strongest when you have:
- multiple SaaS systems
- multiple tool providers
- multiple MCP-compatible clients
- a desire to keep your agent prompt layer small and stable
Strong fits​
| Use case | Why it fits |
|---|---|
| Cross-tool workflows | Example: GitHub -> Railway -> Slack |
| One team, many MCP clients | Claude, Codex, and Cursor can point to one runtime |
| Tool-heavy agents | Useful when raw tool catalogs are getting too large |
| OAuth-heavy integrations | Useful if you want sign-in handled once instead of per-client chaos |
| Agents that need orchestration, not just invocation | Branching, batching, and fan-out are the key value |
Less compelling fits​
| Use case | Why it may not fit |
|---|---|
| One or two simple tools only | Direct MCP may be simpler |
| Strict self-hosting or on-prem requirements | No public self-hosting docs were visible |
| Very sensitive internal infrastructure | You should ask hard security questions first |
6. What the example on the site implies​
The landing page shows a short flow:
discover_toolsfor "create a github repository"discover_toolsfor "create a railway project, link a github repo"execute_codeto run:github.create_reporailway.create_projectrailway.link_github_repo
That example is important because it shows the product is not just doing:
- tool lookup
but also:
- multi-step execution planning
- cross-provider composition
- runtime fan-out
This is the real product story.
7. Strengths​
1. Cleaner agent context​
The strongest idea here is reducing prompt bloat.
If the model only sees:
discover_toolsexecute_code
instead of dozens of vendor-specific tool definitions, context can be spent on the actual task.
2. Better multi-client reuse​
One upstream tool graph for:
- Claude
- Codex
- Cursor
is much cleaner than setting up a different integration story for each client.
3. Better cross-service workflows​
A lot of real work is not one tool call. It is:
- GitHub plus Linear
- GitHub plus Railway
- Notion plus Slack
- Stripe plus Cloudflare
Slim Tools is clearly optimized for those cases.
4. Better abstraction over raw OpenAPI​
Raw OpenAPI specs can be powerful but noisy. Wrapping them in a runtime that performs search, filtering, and execution planning can make them much more usable for agents.
8. Risks and trade-offs​
1. Public documentation is currently thin​
This is the first thing I would flag.
From the public web surface I could confirm:
- the positioning
- the MCP endpoint
- the two tool names
- the general execution model
But I could not confirm from public docs:
- pricing
- deployment model options
- self-hosting
- on-prem support
- data residency
- retention policy details
- tenant isolation details
- audit or compliance posture
- exact client configuration snippets
That does not mean those things do not exist. It means they are not publicly obvious.
2. It adds a new trust layer​
If you adopt Slim Tools, you are not only trusting:
- your model provider
- your SaaS providers
You are also trusting:
- the orchestration runtime in the middle
That is a perfectly reasonable trade in some teams, but it is not a small one.
3. Possible vendor concentration​
The upside of one MCP URL is simplicity.
The downside is that your tooling graph may become dependent on one hosted runtime layer.
4. Sandboxed execution still needs scrutiny​
"Sandboxed runtime" is a good sign, but you still need to ask:
- what can
execute_codereach? - what is allowed outbound?
- what credentials are available?
- how is isolation enforced?
- what logs are retained?
9. How I would use it​
Good adoption pattern​
- start with one narrow workflow
- connect only a small set of upstream services
- verify that
discover_toolsreturns clean, relevant matches - verify that
execute_codeproduces auditable, bounded behavior - only then expand the catalog
Good first workflows​
- create a repo and post a Slack message
- create a Linear issue and update Notion
- provision a small deployment path across GitHub and Railway
Those are good tests because they are:
- multi-step
- cross-provider
- easy to validate
10. When to choose Slim Tools over direct MCP​
Choose direct MCP when:
- you only need a few tools
- you want maximum transparency
- you want fewer moving parts
- you are building your own orchestration anyway
Choose Slim Tools when:
- you have too many tools already
- your agents are wasting context on tool catalogs
- your workflows span multiple providers
- you want one shared tool runtime across multiple agent clients
My practical framing​
Slim Tools does not look like a replacement for MCP.
It looks like a higher-order runtime on top of MCP and OpenAPI.
That is the right way to evaluate it.
11. Questions I would ask before adopting it​
If you are considering it seriously, ask these before rollout:
- Is there a self-hosted or private deployment option?
- Where do OAuth tokens and secrets live?
- What exactly can
execute_codedo, and what is blocked? - Is there tenant isolation, and how is it implemented?
- Are there audit logs and exportable execution traces?
- What is retained from prompts, tool calls, results, and logs?
- How are upstream OpenAPI specs normalized and versioned?
- What happens when an upstream tool changes shape or permissions?
- Is there rate limiting, approval flow, or policy control per tool/provider?
- Is there a public pricing model and SLA?
If those answers are strong, Slim Tools becomes much more attractive.
12. Bottom line​
Slim Tools looks promising because it targets a real architectural problem:
- too many tools
- too much context waste
- too much orchestration logic pushed into the model
From the public surface available on June 22, 2026, the product appears best understood as:
- a hosted MCP gateway
- plus OpenAPI orchestration
- plus a sandboxed execution runtime
for multi-tool, multi-provider agent workflows.
My recommendation:
- be interested
- evaluate it on one real workflow
- but do not treat it as fully understood from the public docs alone
Right now, it looks like a smart idea with a still-thin public documentation layer.