Analyze source code for security vulnerabilities using semgrep-powered static application security testing.
Static application security testing (SAST) with semgrep.
| Name | Required | Description | Default |
|---|---|---|---|
| files | No | ||
| directory | No | ||
| config | No | auto |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations indicate readOnlyHint=false (not read-only) and destructiveHint=false, but the description does not elaborate on potential side effects (e.g., writing results to disk). The term 'testing' suggests no state changes, but this is not confirmed.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single sentence, concise but overly brief. It lacks structure (e.g., usage examples, constraints). At least no redundant information, but could be more informative without exceeding a few lines.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
With three optional parameters, no output schema, and sparse annotations, the description fails to specify return values, interpretation of results, or supported file types. The tool's context (e.g., static analysis of code files) is only implied.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema description coverage is 0%, so the description must compensate. It mentions Semgrep but does not explain the meaning of 'files', 'directory', or 'config' parameters (e.g., what 'auto' config does). Users are left guessing.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states it performs Static Application Security Testing (SAST) using Semgrep, a specific tool. This distinguishes it from dynamic scanning or vulnerability scanning siblings. However, it lacks detail on scope (e.g., source code repositories).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No guidance is provided on when to use this tool versus alternatives like arvan_security_scan_vulnerabilities or arvan_security_grype. The description offers no context for choosing SAST over other security testing methods.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/dwin-gharibi/arvancloud-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server