servicenow-mcp

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It adds minimal value: the '[Write]' tag implies a mutation operation, and 'Trigger' suggests an asynchronous or background process. However, it fails to describe critical behaviors such as required permissions, whether the scan runs immediately or is scheduled, potential side effects (e.g., system load), rate limits, or expected response format. This leaves significant gaps for a tool that likely performs system-altering actions.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is very concise—a single sentence plus a tag—and front-loads the core purpose. There's no wasted verbiage, and the '[Write]' annotation is efficiently appended. However, the brevity comes at the cost of completeness, as noted in other dimensions, but structurally it's well-organized for quick scanning.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of a vulnerability scan tool (likely involving system mutations, permissions, and asynchronous operations), the description is inadequate. With no annotations, no output schema, and minimal behavioral details, it fails to provide enough context for safe and effective use. The description should cover aspects like execution mode, security implications, or result handling, but it does not, leaving the agent with significant uncertainty.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, meaning all parameters (ci_sys_ids, group, scan_type) are documented in the schema with clear descriptions. The description adds no additional parameter semantics beyond what the schema provides—it doesn't explain relationships between parameters (e.g., mutual exclusivity of ci_sys_ids and group) or provide examples. Given the high schema coverage, a baseline score of 3 is appropriate, as the description doesn't compensate but also doesn't detract.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('Trigger a vulnerability scan') and the target ('specified CIs or groups'), which is specific and actionable. It distinguishes itself from sibling tools like 'get_vulnerability' or 'list_vulnerabilities' by focusing on initiating scans rather than retrieving data. However, it doesn't explicitly differentiate from 'run_discovery_scan' or other scan-related tools in the list, which slightly limits its clarity in context.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., permissions, system state), exclusions, or comparisons to similar tools like 'run_discovery_scan' or 'list_vulnerabilities'. Without this context, an agent must infer usage based on the tool name alone, which is insufficient for optimal selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.