DepShield MCP

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full disclosure burden. It adds valuable specificity about detection patterns (typosquats, newly added deps, low-download packages) beyond generic 'security scan,' but lacks operational details like execution time expectations, API call behavior, or failure modes for invalid packages.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

Single sentence structure with parenthetical elaboration maximizes information density. Every word earns its place: 'transitive' establishes scope, parenthetical examples clarify 'suspicious patterns' without disrupting flow, and no filler words are present.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Adequate for a 3-parameter tool with no output schema, covering the core security scanning purpose well. However, given the lack of output schema and annotations, the description should ideally disclose return value structure (vulnerability report format) or execution characteristics (async vs sync, typical duration) to be fully complete.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, establishing a baseline of 3. The description mentions 'transitive dependency tree' which conceptually maps to the depth parameter, and 'package' maps to name, but adds no explicit parameter guidance, syntax details, or version selection logic beyond what the schema already provides.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description uses specific verb 'Scan' with clear resource 'package's transitive dependency tree' and enumerates specific detection targets (vulnerabilities, typosquats, low-download packages). The terms 'deep' and 'transitive' effectively distinguish this from siblings like check_dependency or audit_project.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage through terminology like 'deep scan' and 'transitive dependency tree' (suggesting comprehensive analysis vs. shallow checks), but provides no explicit guidance on when to choose this over check_dependency or audit_project, nor mentions prerequisites like package availability.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.