Description-Code Inconsistency in Real-world MCP Servers: Measurement, Detection, and Security Implications

📅 2026-06-03
📈 Citations: 0
Influential: 0
🤖 AI Summary
This study addresses the critical issue of Description-Code Inconsistency (DCI) in Model Context Protocol (MCP) servers, where mismatches between tool descriptions and their code implementations can lead large language models to misuse tools or introduce security vulnerabilities. The work formally defines DCI for the first time and introduces a taxonomy encompassing functional deviations and undeclared side effects. To detect such inconsistencies, the authors propose DCIChecker, an automated framework that combines structure-aware static analysis with a novel Direct-Reverse-Arbitration prompting strategy to enable semantic-level consistency verification. A large-scale empirical analysis of 19,200 description-code pairs reveals that 9.93% exhibit DCI, potentially causing operational failures or covert malicious behaviors. Based on these findings, the paper further outlines strategies to enhance semantic consistency in tool specifications.
📝 Abstract
The Model Context Protocol (MCP) has emerged as a critical standard empowering Large Language Models (LLMs) to utilize external tools. In this ecosystem, LLMs rely on natural language descriptions provided by MCP servers to select and execute functions. This interaction implicitly assumes that tool descriptions faithfully reflect their underlying implementations, yet this assumption is not necessarily verified in practice. As a result, MCP deployments may suffer from a problem named Description-Code Inconsistency (DCI), where a tool's description of its capabilities and security boundaries is not consistent with what the code actually does. In this paper, we present a comprehensive study of DCI in real-world MCP servers. We formally define the problem and propose a comprehensive taxonomy spanning functionality inconsistencies and undeclared side effects. Guided by this taxonomy, we develop DCIChecker, an automated framework that combines structure-aware static analysis with the Direct-Reverse-Arbitration prompting method to cross-validate tool descriptions against actual code implementations. We apply this framework to a large-scale dataset comprising 19,200 description-code pairs extracted from 2,214 real-world MCP servers. Our measurement reveals that DCI is widespread, with 9.93% of these pairs exhibiting inconsistencies. We further demonstrate that DCI creates a critical defense blind spot, facilitating varied risks from operational failures to stealthy malicious behaviors. Finally, we propose mitigation strategies to enforce semantic consistency and enhance the reliability of the emerging agentic ecosystem.
Problem

Research questions and friction points this paper is trying to address.

Description-Code Inconsistency
Model Context Protocol
LLM tool use
security implications
MCP servers
Innovation

Methods, ideas, or system contributions that make the work stand out.

Description-Code Inconsistency
Model Context Protocol
DCIChecker
Static Analysis
LLM Tool Use