update_auth_user

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It effectively adds critical context: the 'WARNING: Password handling is insecure' highlights a security risk, and 'Requires service_role key and direct DB connection' specifies authentication and connection requirements. This goes beyond what the input schema provides, covering safety and operational constraints that are essential for an agent to understand the tool's behavior.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and front-loaded, with the core purpose stated first ('Updates fields for a user in auth.users'), followed by critical warnings and requirements. Every sentence earns its place by adding essential information without redundancy. It's concise yet comprehensive for its length, making it easy for an agent to parse quickly.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (6 parameters, no output schema, no annotations), the description does a good job of being complete enough. It covers the purpose, security warnings, and prerequisites, which are crucial for a mutation tool. However, it doesn't explain return values or error handling, and with no output schema, this leaves a minor gap. For a tool with significant behavioral implications, it's mostly adequate but could be slightly more comprehensive.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the input schema already documents all parameters thoroughly. The description doesn't add any additional meaning or context about the parameters beyond what's in the schema. According to the rules, when schema coverage is high (>80%), the baseline score is 3 even with no param info in the description, which applies here.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the verb ('Updates') and resource ('fields for a user in auth.users'), making the purpose immediately understandable. It doesn't explicitly differentiate from sibling tools like 'create_auth_user' or 'delete_auth_user', but the 'update' action is distinct enough to imply difference. The description is specific about what gets updated (user fields) rather than being vague or tautological.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides some usage context with 'Requires service_role key and direct DB connection', which indicates prerequisites. However, it doesn't explicitly state when to use this tool versus alternatives like 'create_auth_user' or 'delete_auth_user', nor does it provide exclusions or comparisons. The guidance is implied rather than explicit, leaving some ambiguity about optimal use cases.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.