Shrike Security MCP Server

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It effectively describes the tool's behavior by listing specific checks (PII, data exfiltration patterns, blocked domains) and the return structure (blocked status, threat type, severity, etc.), providing clear context on what the tool does and outputs. It does not mention rate limits, auth needs, or destructive effects, but covers core functionality well.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded, starting with the core purpose in the first sentence. It uses bullet points for checks and returns to enhance readability without wasted words, making every sentence earn its place efficiently.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (security scanning with 2 parameters) and no output schema, the description provides good completeness by detailing checks and return values. It covers what the tool does and outputs, though it lacks information on error handling or performance considerations, which would make it fully comprehensive.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 100% description coverage, with clear descriptions for both parameters (query and targetDomains). The description does not add meaning beyond the schema, as it does not explain parameter usage or semantics. However, the baseline is 3 since the schema adequately documents the parameters.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose with a specific verb ('scans') and resource ('web search query'), explaining it checks for security issues before execution. It distinguishes itself from siblings like scan_file_write or scan_sql_query by focusing on web search queries specifically, not files, prompts, or SQL.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context by stating it scans 'before execution for security issues,' suggesting it should be used prior to running a web search. However, it does not explicitly state when to use this tool versus alternatives like get_threat_intel or report_bypass, nor does it provide exclusions or detailed prerequisites.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.