MITRE ATT&CK MCP Server

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It states what the tool does but doesn't describe important behaviors: whether it's a read-only operation, what format the output takes, if there are rate limits, authentication requirements, or error conditions. The description is purely functional without operational context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is efficiently structured with a clear purpose statement followed by parameter explanations. Every sentence adds value: the first states the tool's function, and the Args section provides necessary parameter context without redundancy. The formatting with bullet-like Args improves readability.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a tool with 3 parameters, no annotations, and no output schema, the description provides adequate functional information but lacks operational context. It explains what the tool does and what parameters mean, but doesn't describe output format, error handling, or system constraints. Given the complexity (querying relationships in a security database), more behavioral context would be helpful.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description provides meaningful parameter information in the Args section, explaining what each parameter represents. With 0% schema description coverage, this compensates well: 'software_stix_id: Software STIX ID to check what techniques are associated with it' clarifies the identifier purpose, 'domain' lists valid values, and 'include_description' explains the boolean flag. However, it doesn't specify format requirements for software_stix_id or elaborate on domain implications.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Get techniques used by software' specifies the verb (get) and resource (techniques) with the relationship (used by software). It distinguishes from siblings like 'get_software_using_technique' (reverse relationship) and 'get_all_techniques' (unfiltered list). However, it doesn't explicitly contrast with 'get_techniques_used_by_group_software' which might be similar.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

No guidance is provided on when to use this tool versus alternatives. The description doesn't mention prerequisites, typical use cases, or comparison to similar tools like 'get_techniques_used_by_group' or 'get_techniques_used_by_campaign'. The agent must infer usage from the tool name alone.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.