nab

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations indicate mutation (readOnlyHint: false) and external interaction (openWorldHint: true). The description adds substantial behavioral detail: 1Password CLI dependency, form detection logic, TOTP/MFA handling, and markdown conversion of output—none of which are inferable from annotations alone.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

Well-structured with clear front-loading: purpose → mechanics → prerequisites → output. Each sentence adds distinct value (form detection, credential retrieval, MFA handling, CLI requirement). Could be slightly more compact but no wasted sentences.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Appropriately complete for a complex authentication tool. Covers external dependencies (1Password CLI), MFA behavior, and output format. Has output schema, so return value description is supplemental. Only gaps are the undocumented 'url' and 'cookies' parameters.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is only 33% (only 'session' has a description). The description text fails to compensate for the undocumented 'url' parameter (what URL? login page or target?) and 'cookies' parameter (input cookies or hint?). It mentions session storage conceptually but doesn't explicitly map to the parameter.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states the specific action (auto-login), target resource (website), and unique method (1Password credentials). It distinguishes from siblings like 'fetch' (generic retrieval) and 'submit' (manual form submission) by emphasizing automated credential retrieval and MFA handling.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

Provides clear prerequisites ('Requires: 1Password CLI'), which implies usage constraints. However, lacks explicit comparisons to sibling alternatives like 'auth_lookup' or 'submit' for manual authentication flows, and doesn't state when NOT to use the tool.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.