Generate a Software Bill of Materials (SBOM) from files or a directory using syft to provide supply chain security insights.
Generate a Software Bill of Materials (SBOM) with syft.
| Name | Required | Description | Default |
|---|---|---|---|
| files | No | ||
| directory | No | ||
| sbom_format | No | syft-json |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
The description does not disclose behavioral traits beyond what annotations provide. Annotations indicate the tool is not read-only, not destructive, and not idempotent, but the description fails to explain side effects (e.g., whether it creates files, requires network, or has output format details). The description adds no behavioral context.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single sentence—extremely concise, but at the expense of essential information. It lacks structure and fails to provide necessary details such as parameter descriptions or usage notes. Being minimal is not inherently good if it omits critical content.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the tool has three parameters, no output schema, and no annotations providing behavioral context, the description is completely inadequate. It does not explain return values, side effects, or how the SBOM is outputted. Users lack information to effectively invoke the tool.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The schema has 0% description coverage for three parameters (files, directory, sbom_format). The description does not explain any parameter meaning, valid values, or the role of 'files' and 'directory'. The default 'syft-json' is mentioned but not explained. The description fails to compensate for missing schema descriptions.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool generates a Software Bill of Materials (SBOM) using syft, which is a specific action on a specific resource. It distinguishes itself from sibling security tools like arvan_security_scan_image and arvan_security_grype by naming the output (SBOM) and the tool (syft).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides no guidance on when to use this tool versus alternatives, such as arvan_security_grype for vulnerability scanning or arvan_security_scan_image for image scanning. There are no prerequisites or context for appropriate use.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/dwin-gharibi/arvancloud-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server