diff --git a/src/agent_loop.py b/src/agent_loop.py
index 653baa9..a044d8c 100644
--- a/src/agent_loop.py
+++ b/src/agent_loop.py
@@ -467,7 +467,7 @@ _API_HOSTS = frozenset([
     # schemas and the agent silently degrades to fenced-block parsing.
     "localhost", "127.0.0.1", "host.docker.internal",
 ])
-_MCP_KEYWORDS = frozenset(["browse", "browser", "website", "calendar", "event", "email",
+_MCP_KEYWORDS = frozenset(["mcp", "browse", "browser", "website", "calendar", "event", "email",
                            "gmail", "screenshot", "navigate", "click", "miniflux", "rss", "feed"])
 _ADMIN_SCHEMA_NAMES = frozenset([
     "manage_session", "manage_skills", "manage_tasks",
diff --git a/tests/test_agent_loop.py b/tests/test_agent_loop.py
index e30a87b..c993637 100644
--- a/tests/test_agent_loop.py
+++ b/tests/test_agent_loop.py
@@ -38,6 +38,7 @@ try:
         _detect_admin_intent,
         _compute_final_metrics,
         _append_tool_results,
+        _MCP_KEYWORDS,
     )
     _IMPORTED_AGENT_LOOP = sys.modules.get("src.agent_loop")
 finally:
@@ -57,6 +58,10 @@ def test_import_stubs_do_not_leak_into_later_tests():
         assert sys.modules.get("src.agent_loop") is not _IMPORTED_AGENT_LOOP
 
 
+def test_mcp_keyword_gate_matches_literal_mcp_requests():
+    assert "mcp" in _MCP_KEYWORDS
+
+
 # ---------------------------------------------------------------------------
 # _detect_admin_intent
 # ---------------------------------------------------------------------------