kali_web_scan

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure but offers minimal information. It states the general function but doesn't describe what the scan does (e.g., types of vulnerabilities checked, output format, whether it's destructive or safe, runtime behavior, or potential side effects). For a security scanning tool with zero annotation coverage, this leaves significant gaps in understanding its operational characteristics.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, efficient phrase ('Web application security scanning') that's appropriately sized and front-loaded with the core purpose. There's zero wasted verbiage, and it immediately communicates the essential function without unnecessary elaboration.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's complexity (security scanning with multiple tool options), lack of annotations, and no output schema, the description is insufficiently complete. It doesn't address behavioral aspects, output expectations, error handling, or integration with sibling tools. For a tool that likely produces detailed security findings, more context is needed to guide effective use.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, so the schema already documents all three parameters (target, tool, options) with basic descriptions. The description adds no additional parameter semantics beyond what's in the schema—it doesn't explain tool selection criteria, option formatting, or target URL requirements. This meets the baseline of 3 since the schema does the heavy lifting, but the description doesn't enhance parameter understanding.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description 'Web application security scanning' clearly states the tool's purpose with a specific verb ('scanning') and resource ('web application security'), making it immediately understandable. It distinguishes from most siblings like 'kali_network_scan' or 'kali_vulnerability_scan' by specifying the web application focus, though it doesn't explicitly differentiate from 'kali_web_exploitation' which might have overlapping scope.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention when to choose it over sibling tools like 'kali_web_exploitation', 'kali_vulnerability_scan', or 'kali_network_scan', nor does it specify prerequisites, target types, or appropriate contexts for web scanning versus other security tasks.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.