Test web applications for SQL injection vulnerabilities by automating SQLMap scans with configurable depth and risk levels.
Test for SQL injection vulnerabilities with SQLMap
| Name | Required | Description | Default |
|---|---|---|---|
| target | Yes | Target URL to test | |
| level | No | Test level 1-5 (thoroughness, default: 1) | |
| risk | No | Risk level 1-3 (invasiveness, default: 1) | |
| data | No | POST data (e.g., 'username=admin&password=pass') |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description bears full responsibility. It fails to disclose that SQLMap sends potentially malicious payloads that could disrupt or damage the target, nor does it mention authorization requirements, invasiveness, or response format. The description is misleadingly benign.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single sentence without fluff, achieving conciseness. However, it sacrifices informativeness—it states the purpose but lacks structure (e.g., no bullet points or additional context). It earns its place but could be more effective.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given 4 parameters, no annotations, and no output schema, the description is severely incomplete. It does not explain what the tool returns (e.g., vulnerability list), how to interpret results, or safety considerations. The complexity of SQLMap scanning demands richer context.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
All 4 parameters have descriptions in the schema (100% coverage). The description itself adds no extra meaning beyond the schema, so baseline 3 is appropriate. No enrichment like usage examples or constraints is provided.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool tests for SQL injection vulnerabilities using SQLMap. This distinguishes it from sibling tools like dirb_scan (directory brute force) or nmap_scan (network scanning), as it specifically targets SQL injection via a well-known tool.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No guidance is provided on when to use this tool versus alternatives. There is no mention of prerequisites, target suitability, or avoidance conditions (e.g., 'use only with explicit permission'). The description lacks any contextual direction.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/AlessandroAnnini/kali-mcp-server'
If you have feedback or need assistance with the MCP directory API, please join our Discord server