I use this pattern with mcp-cli, and I do that instead of a curl request for two reasons: 1) not leaking my creds into the agent session, and 2) so I can allowlist / denylist specific tools on an MCP server, which I can't do as easily if I give the agent an API token and curl.