Calculate the import hash (imphash) of a PE file for malware variant identification. Returns empty string for non-PE formats.
Return the PE import hash (imphash) for path.
Imphash is the MD5 of the normalized import table — used for malware variant identification. Returns an empty string for non-PE formats.
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description carries the full burden. It discloses the return value for non-PE formats (empty string) but does not specify behavior for invalid paths, missing files, or access errors. The safety profile (e.g., read-only) is implied but not explicit.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is two sentences, front-loaded with the core action, and contains no extraneous information. Every sentence adds value: first states the function, second explains the hash and a key edge case.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema or annotations, the description covers the return value and a notable edge case (non-PE). However, it omits expected input constraints (e.g., file existence), error conditions, and whether the tool requires pre-parsed data. Context from siblings like 'parse_binary' is not integrated.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The schema description coverage is 0%, so the description must compensate. It adds that 'path' is a file path for a PE binary, but does not clarify format (absolute/relative), protocol support, or error handling. This provides some meaning beyond the schema but is not fully informative.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states that the tool returns the PE import hash (imphash) for a given path. It uses a specific verb ('Return') and resource ('PE import hash'), and the purpose is distinct from sibling tools like 'extract_strings' or 'get_sections'.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description hints at usage for malware variant identification, but does not explicitly state when to use this tool versus alternatives, nor does it provide when-not-to-use guidance. There is no mention of prerequisites or exclusions, leaving the agent to infer context.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Heretek-RE/re-lief'
If you have feedback or need assistance with the MCP directory API, please join our Discord server