frontend_security_frontend_security_detect_typosquatting

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Despite no annotations, description fully discloses behavior: read-only, no side effects, idempotent; uses Damerau-Levenshtein distance ≤ 2 against curated corpus; returns risk levels (LOW/MEDIUM/HIGH). No hidden surprises.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

Front-loaded with purpose and optimization context. Slightly long due to algorithm details and fallback feedback instruction, but every sentence adds value. Could be trimmed slightly without losing essential info.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Covers all aspects: purpose, usage guidance, behavioral transparency, parameter semantics, and even fallback feedback mechanism. With output schema present (not shown but implied), description provides complete context for effective tool invocation.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema has 0% coverage (no parameter descriptions), but description adds full meaning: package_name required, ecosystem defaults to npm, restrictions (enum). Explains algorithm and output fields, compensating completely.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

Description clearly states it detects typosquatting for frontend packages, naming top packages (React, Vite, Axios, Lodash). Distinguishes from sibling security_detect_typosquatting for backend packages. Purpose is specific and well-defined.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

Explicitly provides when to use (top 500 frontend packages) and when not to (backend packages), directing to sibling tool. Mentions fewer false positives than full npm scan, guiding appropriate selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.