Drop your ASIN - get an optimized listing and push it to Amazon Seller Central in one click. Drop your ASIN - get an optimized listing, push to Amazon. Try it →Tools are what turn an LLM into an agent. Without tools, you have a model that talks. With tools, you have software that acts. This page covers the four kinds of tools that show up in production, the Model Context Protocol that's standardizing how agents call them, and the Amazon Ads MCP Server launch in February 2026 that changed what's practical to build.
A tool is any external function an AI agent can call to gather information or act on the world. Capabilities are the categories of work an agent can do based on which tools it has access to. More tools, more capabilities. Better tools, better capabilities.
Every tool an agent calls falls into one of four categories. Understanding the categories helps you read agent vendor pitches accurately.
The agent calls an external HTTP API. Pulls data or triggers an action. For Amazon-seller agents, the dominant APIs are Amazon's SP-API (catalog, orders, inventory) and Amazon Ads API (campaigns, bids, reports). Third-party APIs like Keepa for price history, Helium 10 Cerebro for keyword data, Jungle Scout for market intelligence.
APIs are the workhorse tool type. Most of what an agent does to a live Amazon account flows through API calls.
The agent searches a knowledge base for relevant information before answering. Brand guidelines, prior conversations, your category benchmarks, Amazon's style rules. The agent embeds a query, searches a vector database, retrieves the most relevant chunks, and pulls them into context.
Covered in the memory and learning guide. RAG is technically a memory feature, but it's implemented as a tool the agent calls, so it shows up here too.
The agent runs code to do work that's hard to do in pure language. Number crunching, file processing, web scraping, data transformations. Python is the dominant language in production agent setups.
Code execution is powerful but adds attack surface (sandboxing matters) and cost. Most ecommerce-seller agents don't need code execution. Data agents and research agents often do.
The agent calls a different model to do a specialized job. Text generation calling an image model. A reasoning model calling a faster transcription model. A planner LLM dispatching work to a vision LLM.
Common in image-generation pipelines (the agent reasons in Claude, generates images with Imagen 3) and in transcription workflows (the agent uses Whisper for speech, then Claude for synthesis).
Here's a counterintuitive finding from running SellerShorts for six months: upgrading the underlying model usually matters less than improving the tools the agent can call. Two reasons.
First, in well-designed agents, the model does mostly reasoning and writing. The hard work is done by tools. SP-API fetches the actual listing data. The image model generates the actual image. The model orchestrates and synthesizes. If the tools are weak (stale data, slow responses, missing capabilities), no model upgrade fixes that.
Second, tool failures are the single biggest source of bad agent output. Hallucinations get the press, but in production, "the SP-API call returned stale data" is the more common root cause of bad answers. Better tools, better data, better answers.
Anthropic's Building Effective Agents notes the same pattern from their side: most production failure modes are around tool integration and error handling, not model reasoning.
MCP is one of the biggest practical changes in the agent ecosystem in 2025-2026. Worth understanding what it is and why it matters.
Before MCP, every tool an agent could call needed a custom integration. The agent vendor wrote bespoke code to handle each tool's authentication, parameter format, and response shape. Adding a new tool was engineering work. Switching agent frameworks meant rewriting all the tool integrations.
MCP (introduced by Anthropic in late 2024) is an open standard for how agents declare and call tools. A tool provider exposes an MCP server. An MCP-compatible agent can connect to any MCP server and use its tools without custom integration code. The protocol handles authentication, parameter passing, and response formatting.
Result: tools become portable across agent frameworks. Vendors can publish MCP servers and any compliant agent can use them. The ecosystem becomes composable instead of bespoke.
Amazon shipped the Amazon Ads MCP Server in open beta on February 2, 2026. This is the production-scale MCP example most relevant to ecommerce sellers. Per coverage on ppc.land and Amazon's own announcement, it exposes Amazon Ads operations (campaign management, bid changes, reporting, search-term analysis) through the open MCP standard.
What this means in practice: any Claude-based, GPT-based, or custom agent that speaks MCP can now manage Amazon Ads campaigns without a custom integration. The barrier to entry for new Amazon Ads agents dropped sharply. Expect more competition and lower prices in Amazon PPC tooling over the next 12 months.
MCP standardizes how agents call tools. It doesn't make the agents themselves any smarter. A weak agent with MCP access is still a weak agent. The quality of the orchestration, system prompts, and memory still matters as much as ever.
MCP also doesn't bypass Amazon's compliance policies. The March 4, 2026 Amazon BSA Agent Policy applies to agents using MCP just like it applies to agents using direct API calls. We cover the policy in the Amazon-cluster (launching as Stage 3 of this rebuild).
Just because an agent can call a tool doesn't mean it should. Production agents use capability scoping to limit what the agent has access to.
Concrete example. A listing-optimization agent might have access to:
It explicitly does NOT have access to:
This is the principle of least privilege applied to agents. Scope the tools to exactly what the job needs. Anything outside scope is unavailable, even if the model "wants" to call it.
SellerShorts implements this via OAuth-scoped capabilities. When the seller authorizes an AI Tool, they grant specific capabilities. The agent literally cannot do anything outside those capabilities. This is also a compliance requirement under the March 4, 2026 Amazon Agent Policy.
Three patterns I've seen kill otherwise-promising agents.
The agent doesn't know which tool to call because the tool descriptions are ambiguous. "Get product info" vs "Get product info by ASIN, including title, bullets, description, and current price. Use this when you need any catalog data." The second works, the first doesn't.
SP-API returns an empty payload on a transient error. The agent assumes that's the real answer and proceeds with bad data. Good tools surface clear errors. Bad tools return zeros and let the agent guess.
The agent hits the same tool 50 times in a single run because no one told it the tool's rate limit. Halfway through, the calls start failing. The agent loops, trying to recover, burning tokens and time. Real production agents communicate rate limits to the model so it can plan accordingly.
If you're considering an agent for your business, four questions about tools and capabilities cut through the marketing.
Different agent categories need different tool stacks. A quick reference.
| Agent category | Typical tool stack |
|---|---|
| Listing optimization | SP-API (catalog, search terms), competitor scraping, Amazon style rules tool |
| PPC management | Amazon Ads MCP Server (or direct Ads API), historical performance DB |
| Inventory forecasting | SP-API (inventory, sales), supplier lead-time DB, seasonality model |
| Image generation | Image-gen model (Imagen 3, Flux, Midjourney), background-removal tool, brand-conformance checker |
| Review monitoring | SP-API (reviews), sentiment classifier, Amazon messaging policy checker |
| Product research | Keepa, Helium 10 Cerebro, Jungle Scout, market data APIs |
Three meaningful shifts in tool ecosystems.
Four categories: API calls (the workhorse type, including Amazon SP-API and Amazon Ads API), retrieval (RAG, searching a knowledge base), code execution (running Python or similar to crunch numbers or scrape data), and calls to other models (a reasoning LLM dispatching work to an image model or vision model). Every production agent uses some mix of these four.
MCP is an open standard introduced by Anthropic in late 2024 for how AI agents declare and call tools. A tool provider exposes an MCP server. Any MCP-compatible agent can connect and use its tools without custom integration code. The protocol handles authentication, parameter passing, and response formatting. The result is tools become portable across agent frameworks.
Amazon shipped the Amazon Ads MCP Server in open beta on February 2, 2026. It exposes campaign management, bid changes, reporting, and search-term analysis through the open MCP standard. Any Claude-based, GPT-based, or custom agent that speaks MCP can now manage Amazon Ads without a custom integration. Expect more competition and lower prices in Amazon PPC tooling over the following 12 months.
In well-designed agents, the model does mostly reasoning and writing. The hard work is done by tools. SP-API fetches the actual listing data, the image model generates the actual image, and the LLM orchestrates and synthesizes. If the tools are weak (stale data, slow responses, missing capabilities), no model upgrade fixes that. Tool failures are the single biggest source of bad agent output in production.
Capability scoping is the principle of least privilege applied to agents. You grant the agent access to exactly the tools the job needs and nothing else. A listing-optimization agent might have read access to SP-API getCatalogItem but no write access to putListingsItem. SellerShorts implements this via OAuth-scoped capabilities approved by the seller at install time, which is also a compliance requirement under the March 4, 2026 Amazon BSA Agent Policy.
Every SellerShorts agent declares exactly which SP-API capabilities it needs. You see them, you approve them at OAuth time, and the agent literally cannot do anything outside scope.
Browse SellerShorts agents
sellershorts