Validate code for security vulnerabilities including XSS, SQL injection risks, and insecure functions to identify potential security issues.
Perform security-focused validation on code. Checks for XSS vulnerabilities, SQL injection risks, insecure functions, and other security issues.
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | The code to check for security issues |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries full burden for behavioral disclosure. It mentions what the tool checks but doesn't describe how it behaves: no indication of output format, whether it's read-only or has side effects, performance characteristics, or error handling. The description is functional but lacks operational transparency.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is appropriately concise with two sentences: first states the core purpose, second provides specific examples. No wasted words, though it could be slightly more structured by separating concerns more clearly.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
For a single-parameter tool with good schema coverage but no annotations and no output schema, the description provides adequate functional context but lacks operational details. It explains what the tool does but not what it returns or how it behaves, leaving gaps for an AI agent to understand the complete interaction.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100% with a single parameter 'code' well-described in the schema. The description adds no additional parameter information beyond what's in the schema. According to scoring rules, when schema coverage is high (>80%), baseline is 3 even with no param info in description.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: 'Perform security-focused validation on code' with specific examples of what it checks (XSS vulnerabilities, SQL injection risks, insecure functions). It distinguishes from sibling 'validate_code' by emphasizing security focus, though not explicitly contrasting them.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies usage context through 'security-focused validation' and listing specific security issues, suggesting this tool is for security analysis rather than general validation. However, it doesn't explicitly state when to use this vs. the sibling 'validate_code' or other alternatives, nor does it mention prerequisites or exclusions.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/Midhun-edv/magento2-coding-standards-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server