Verify a package against OSV.dev for known vulnerabilities before installing an AI-suggested dependency.
Check a package against OSV.dev before installing an AI-suggested dependency.
| Name | Required | Description | Default |
|---|---|---|---|
| name | Yes | ||
| ecosystem | No | pypi |
| Name | Required | Description | Default |
|---|---|---|---|
No arguments | |||
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations exist, so the description must carry the full burden. It fails to disclose behaviors like network requests, rate limits, what happens on vulnerability detection, or any side effects. The tool is likely a read-only check, but this is not stated.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, front-loaded sentence with no wasted words. It efficiently conveys the tool's purpose and context.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
An output schema exists, reducing the need to explain return values. However, the description lacks behavioral details and parameter semantics. For a simple check tool, it is functional but not complete.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 0%. The description adds no meaning beyond parameter names. The 'ecosystem' parameter has an enum but the description does not explain its impact (e.g., which package ecosystems are supported).
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the action ('Check a package against OSV.dev') and the specific use case ('before installing an AI-suggested dependency'). It distinguishes from sibling tools like scan_dependencies which likely scans all dependencies.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides clear context for when to use the tool ('before installing an AI-suggested dependency'). It does not explicitly state when not to use or list alternatives, but the context is sufficient.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Lex6won/vibecode-checker'
If you have feedback or need assistance with the MCP directory API, please join our Discord server