Scan PDF files to detect hidden JavaScript, auto-actions, invisible text, and other concealed malicious content.
Hidden PDF content detection. Scans PDF files for suspicious elements including embedded JavaScript (/JS), auto-actions (/AA, /OpenAction), hidden annotations, invisible text (white-on-white), embedded files, and other potentially malicious or covert content.
| Name | Required | Description | Default |
|---|---|---|---|
| file_path | Yes | Path to PDF file |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
No annotations are provided, so the description carries the full burden. It lists the types of suspicious elements detected, but does not disclose non-obvious behaviors such as whether the tool modifies the file, requires special permissions, or affects system state. The description is adequate but could be more transparent.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is concise: one sentence stating purpose followed by a list of detection targets. Every sentence is necessary and contributes to understanding. No redundant or filler content.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool has one parameter, no output schema, and no annotations, the description comprehensively covers what the tool does. It could optionally mention the output format or return value, but the listed detection items provide sufficient context for an agent to decide when to use it.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 100%, with file_path described as 'Path to PDF file'. The tool description adds no additional meaning or constraints beyond what the schema already provides. Baseline 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: scanning PDFs for suspicious hidden content, listing specific elements like JavaScript, auto-actions, hidden annotations, etc. It distinguishes itself from sibling tools like doc_pdf_metadata and doc_pdf_streams.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description implies when to use this tool (when hidden content detection is needed) and provides a clear context. However, it does not explicitly state when not to use it or mention alternative tools, which would differentiate it further from siblings.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/badchars/steganography-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server