Scan code for exposed secrets like API keys and passwords to prevent security breaches. Supports multiple programming languages for comprehensive vulnerability detection.
Check Secrets Endpoint
| Name | Required | Description | Default |
|---|---|---|---|
| code | Yes | ||
| language | No |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, yet the description discloses no behavioral traits. It fails to state whether the code is analyzed locally or sent to an external service (critical privacy concern), whether the operation is read-only, rate limits, or what the response format contains.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
While brief at three words, this represents under-specification rather than efficient conciseness. The description is not front-loaded with actionable information and wastes space on the irrelevant word 'Endpoint' instead of describing functionality.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Completely inadequate for a 2-parameter tool with zero schema documentation and no output schema. The description provides insufficient context for an AI agent to understand what secrets are being checked, how the code is processed, or what results to expect.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
With 0% schema description coverage (both 'code' and 'language' parameters have empty descriptions), the description must compensate but fails entirely. It does not clarify whether 'code' expects a file path, raw string, or snippet, nor what valid 'language' values are accepted (e.g., 'python' vs 'py').
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description 'Check Secrets Endpoint' is largely tautological, restating the tool name with the generic word 'Endpoint' added. While it hints at secret detection, it fails to specify that it analyzes source code for hardcoded credentials (API keys, passwords) or distinguish its purpose from sibling tools like check_dependencies or check_injection.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No guidance provided on when to use this tool versus siblings like check_dependencies or check_injection, nor any mention of prerequisites such as code format requirements or language support limitations.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/UPinar/contrastapi'
If you have feedback or need assistance with the MCP directory API, please join our Discord server