nis2_quickscan

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden. It describes the output components (score, per-measure status, evidence, gaps, suggestions) and the scope limitation (only DNS/email layer). It does not explicitly state read-only or error behavior, but the tool appears non-destructive and the scope clarification adds transparency.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description consists of three sentences with no wasted words. First sentence defines core functionality, second lists outputs, third clarifies scope and usage. Well-structured and front-loaded with essential information.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given no output schema, the description explains the output structure adequately. It covers the return elements and scope limitation. It does not mention error handling or domain validation, but for a simple DNS-based tool with two parameters, this is sufficient.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, so the baseline is 3. The description adds minimal extra meaning: domain parameter is straightforward; lang parameter's 'caveat text' is already in schema. No additional semantics beyond schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: computing a NIS2 Article 21.2 readiness score for a domain. It specifies the verb 'compute', the resource 'domain', and the context 'mapping IntoDNS quickscan onto NIS2 measures'. It distinguishes from siblings by focusing on NIS2 compliance, which is unique among the listed sibling tools.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states when to use the tool: when the user asks about NIS2 compliance, readiness, Article 21.2, or cyber-hygiene. It also clarifies the tool's limitation (only DNS and email layer) implying it's not for full NIS2 audits. However, it does not name alternative sibling tools for further checks.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.