peerglass_tls_inspect

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

Annotations correctly declare the tool as readOnlyHint=true and idempotentHint=true. The description adds valuable context about what gets inspected (certificate chain length, HSTS header presence) and the return format, but omits behavioral details like connection timeouts, handling of non-TLS hosts, or rate limits that would be expected for an openWorldHint=true network tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with clear visual sections (summary, use cases, Args, Returns). The first sentence is front-loaded with the complete value proposition. While dense, every section earns its place; the colon-separated list of return values is efficient, and the bullet points are scannable.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool is read-only with provided safety annotations, the description achieves completeness by covering the input contract (with examples), the output contract (described in Returns), and operational use cases. It appropriately omits error-schema details since it describes the successful return value, making it sufficient for agent invocation planning.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Despite the schema's 0% description coverage (only response_format has a schema description), the Args section compensates effectively by providing runtime semantics: hostname includes a realistic example ('cloudflare.com'), port clarifies 'TCP' context and default 443, and response_format enumerates allowed values. This bridges the gap left by the schema.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description opens with a precise action verb ('Connect') and resource ('hostname:port over TLS'), then enumerates specific outputs (subject, issuer, SANs, cipher suite, etc.). This clearly distinguishes it from sibling DNS tools (peerglass_dns_*) and network routing tools (rir_*) by focusing specifically on TLS certificate metadata.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The 'Useful for:' section provides four concrete scenarios (verifying expiry, detecting self-signed certs, checking TLS configuration, auditing HSTS) that establish clear context for when to invoke the tool. While it lacks explicit 'when not to use' exclusions or named sibling alternatives, the specificity of the use cases effectively guides selection.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.