Retrieve governance, risk, and compliance risk entries with filters for state, category, and record limit.
List GRC (Governance, Risk, Compliance) risk entries
| Name | Required | Description | Default |
|---|---|---|---|
| limit | No | Max records to return (default 25) | |
| state | No | Filter by risk state (draft, assess, review, accepted, closed) | |
| category | No | Filter by risk category |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations already declare readOnlyHint=true and openWorldHint=true. The description adds no extra behavioral context beyond 'List...entries'. It doesn't explain implications of openWorldHint (e.g., external data sources) or any operational behaviors like pagination or error handling.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Single sentence, no redundant words. Structurally concise, but could benefit from a brief second sentence on usage context. Still, no unnecessary content.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Despite high schema coverage and annotations, the description omits key context for an open-world tool. No mention of what fields are returned, ordering, or that results may include external data (as hinted by openWorldHint). Lacks completeness for effective agent usage.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Input schema has 100% coverage (limit, state, category described). The tool description does not mention or elaborate on these parameters, adding no value beyond what the schema provides. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description explicitly states 'List GRC (Governance, Risk, Compliance) risk entries', providing a clear verb and resource. It distinguishes from sibling tools like 'get_grc_risk' (singular retrieval) and 'list_grc_controls' (different entity).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No guidance on when to use this tool versus alternatives. No identification of prerequisites, use cases, or exclusions. With many sibling list tools, such context is needed but absent.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/aartiq/nowaikit'
If you have feedback or need assistance with the MCP directory API, please join our Discord server