Scan text to detect exposed credentials such as API keys, passwords, and tokens. Optionally mask found credentials for safety.
Scan text for exposed credentials (API keys, passwords, tokens, SSH keys)
| Name | Required | Description | Default |
|---|---|---|---|
| text | Yes | Text to scan for credentials | |
| mask_findings | No | Mask detected credentials in output |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description must disclose behavioral traits. It only states the scanning function, omitting key details such as whether the tool modifies the input, what it returns, or any performance implications. The 'mask_findings' parameter hints at output masking but is not explained.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, front-loaded sentence that efficiently conveys the core functionality. No extraneous information is present.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the simplicity of the tool, the description lacks crucial details such as output format, behavior when credentials are found vs. not, and how masking works. Without an output schema, these omissions hinder complete understanding.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Both parameters are well-described in the input schema (100% coverage). The description adds no further semantic value beyond the schema definitions, meeting the baseline expectation but not exceeding it.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool scans text for exposed credentials, listing specific types (API keys, passwords, tokens, SSH keys). This distinct purpose is easily differentiated from sibling tools like 'prompt-injection-detector' or 'url-security-validator'.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies use for credential detection but offers no explicit guidance on when to use or not use this tool versus alternatives. No context on potential false positives or limitations is provided.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AIM-Intelligence/AIM-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server