Interesting approach to the bloat problem. One angle worth considering as you're rewriting responses: the proxy layer is also a natural place to handle tool description integrity. We've been researching invisible Unicode in MCP tool descriptions tag blocks (U+E0001–U+E007F) that are invisible to humans but parsed by the model as instructions. They pass through every layer of the current pipeline untouched. Since mcp-slim is already sitting between the server and Claude, stripping non-printable codepoints from tool descriptions during proxy generation would be a low-cost addition that closes a real attack surface.
Interesting approach to the bloat problem. One angle worth considering as you're rewriting responses: the proxy layer is also a natural place to handle tool description integrity. We've been researching invisible Unicode in MCP tool descriptions tag blocks (U+E0001–U+E007F) that are invisible to humans but parsed by the model as instructions. They pass through every layer of the current pipeline untouched. Since mcp-slim is already sitting between the server and Claude, stripping non-printable codepoints from tool descriptions during proxy generation would be a low-cost addition that closes a real attack surface.
I've fixed this issue. https://github.com/uaziz1/mcp-slim/issues/1
Thank you for raising it.
Fast turnaround. Glad the flag was useful.
[dead]
Anyone that has multiple MCPs connected to their claude code will find this project extremely useful.