bricks_security_audit

Audit security posture of Bricks sites with a 0-100 score across CVEs, permissions, code exposure, and config hygiene. Identifies worst issues first and provides remediation steps.

Instructions

Read-only security posture audit of the WordPress + Bricks site behind the bridge. Scores 0-100 (A-F) across Bricks-core CVEs, bridge route permissions (self-audit), code-element exposure, platform currency, config hygiene, and access/transport. Returns findings worst-first with remediation. Any open CRITICAL hard-caps the grade to F. Not a malware scanner. Requires admin credentials.

Input Schema

Name | Required | Description | Default

No arguments

Behavior: 5/5

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description labels the tool as 'Read-only', making its non-destructive nature clear. It also mentions authentication requirements ('Requires admin credentials'), a limitation ('Not a malware scanner'), and a behavioral rule (critical finding caps grade to F). No annotations are provided, so the description fully carries the transparency burden and does so thoroughly.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Conciseness: 5/5

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is a single, well-structured paragraph of three sentences. It front-loads the core action and then adds specifics. Every sentence adds unique value: purpose, scoring details, output ordering, rule, prerequisite, and what it is not. No wasted words.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Completeness: 4/5

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given a complex audit tool with no output schema, the description provides essential context: what it assesses, how it scores, output ordering, a critical rule, prerequisites, and exclusions. It lacks explicit details on the structure of returned findings but mentions 'remediation' and 'worst-first,' which is sufficient for an agent to understand the output nature.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Parameters: 4/5

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The tool has zero parameters, so the input schema is trivially fully covered. The description does not need to add parameter semantics. With no parameters, a baseline of 4 is appropriate.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Purpose: 5/5

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool performs a read-only security audit and specifies the exact dimensions scored (CVEs, permissions, etc.), output format (score 0-100 A-F, findings worst-first), and a special rule (critical caps grade to F). It also distinguishes from a malware scanner, providing clear purpose boundaries.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Usage Guidelines: 4/5

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description explicitly states the prerequisite ('Requires admin credentials') and what the tool is not ('Not a malware scanner'), guiding appropriate usage. However, it does not explicitly name alternative sibling tools or provide when-to-use vs. when-to-avoid guidance, such as differentiating from bricks_security_inventory.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/developer2013/bricks-mcp-open'

If you have feedback or need assistance with the MCP directory API, please join our Discord server.