Agent checks can wrongly fail secure MCP and OpenAPI sites

Checking whether agents can read and call a website needs more than trying a few default addresses. A site may list its OpenAPI document and inside llms.txt, and those links may be on another domain or use .json or .yaml. A checker should read llms.txt and follow the links it declares.

MCP cannot be tested with a simple page request; it needs a JSON-RPC initialize request sent without an Origin header. A properly secured server may reject a plain GET request or a request that looks like it came from a browser, and that rejection should not be treated as a broken setup. Cloudflare may block anonymous , so a checker should identify itself with a named user agent and mark blocked checks as “could not check,” not as failures.

If a tool advertises outputSchema but does not return structuredContent, standards-based clients may reject tools/call with a -32600 error even while the server logs show 200 responses.

Key points

  • Read llms.txt first because it may point to the real OpenAPI document and .
  • Test MCP with a JSON-RPC initialize request, not a simple GET request.
  • A secure server may correctly reject requests with an Origin header or browser-like behavior.
  • Bot blocking by Cloudflare should be reported as “could not check,” not as a failed .
  • A mismatch between outputSchema and structuredContent can make clients reject even when server logs show 200 responses.
Read original