credential_check

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries full burden for behavioral transparency. It only states the action but does not disclose whether the tool is read-only, requires authentication, has rate limits, contacts an external API, or returns results. This is a significant gap.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is very short (5 words) but front-loads the essential purpose. However, given the tool has 3 parameters and no other context, more detail would be warranted. It is not inefficient but feels under-specified.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

The tool has 3 parameters and no output schema or annotations. The description does not cover parameter usage, expected output, prerequisites, or behavior. It is incomplete for a tool of this complexity.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is low (33%) and the description does not explain the parameters target and check_type beyond the tool's general purpose. It adds no detail about how to use them or their formats, failing to compensate for the low schema coverage.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool checks email/domain in breach databases (HIBP), using specific verb 'Check' and resource 'email/domain in breach databases'. It distinguishes itself from sibling tools like cve_lookup or threat_intel_lookup by specifying HIBP and breach database context.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It lacks when-not-to-use or usage context, assuming the agent knows from the name. No explicit alternatives or exclusions are mentioned.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.