Skip to main content
Your AI agent sees UniversalBench as three purpose-built tools: ub_read for read-only queries, ub_write for code execution and writes, and ub_ai for web search and LLM calls. Each tool accepts multiple optional input fields. Your AI picks the right tool based on what it needs to do.

What is in the AI context

When your AI client connects to UniversalBench, it pulls a tool list like this:
Each input is independent. Your AI fills in whichever fields it needs for a given call. Most calls use one or two fields.

Why three tools with multiple inputs each

The three-tool split keeps intent clear. ub_read is always safe to call, ub_write changes state, ub_ai has additional cost. Your AI makes better decisions when the tool name already signals the category. Within each tool, capabilities are input fields rather than separate tools. This keeps the schema compact and reduces the chance of your AI hallucinating a tool name.

How to help your AI choose well

1. Name the capability you want

If you want a specific input field, name it. AIs are good at fuzzy matching but explicit is always faster.
Use UniversalBench to search the web for current data on solar panel efficiency
instead of
Look up some current information about solar panels

2. Pass context once

If your task involves the same dataset or session across many calls, mention it at the top of the conversation. Most MCP clients carry context across turns.
We are working in session_id q3_analysis for this entire conversation. Load the CSV once and reuse the dataframe.

3. Trust the sandbox

Code runs in a sandboxed environment. You do not need to add “be careful” warnings. Be specific about what you want and let UniversalBench handle the execution.

What your AI does not see

  • Your URL token (the client holds the URL, never echoes the token back into the AI context)
  • Other customers’ data (every call is scoped to the customer your URL belongs to)
  • The workbench internal state from previous calls (unless you pass session_id)
  • Stored secret values (only their names appear in tool calls)
Because auth lives in the URL path and not in your prompts, even a fully recorded conversation transcript does not expose your credentials.