scan_sql_injectionDetects unsafe query construction using string concatenation or raw methods to prevent SQL injection vulnerabilities.
Sorgu oluştururken string birleştirme veya unsafe raw metodları kullanan kalıpları tespit eder.
| Name | Required | Description | Default |
|---|---|---|---|
| path | No | Taranacak dizin veya dosya. | |
| projectPath | No | İsteğe bağlı proje kökü (otomatik tespit edilir). |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
Annotations indicate the tool is read-only and idempotent. The description adds that it scans for specific patterns, but does not elaborate on behavior beyond that. With annotations covering safety, a score of 3 is appropriate.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single concise sentence that immediately conveys the tool's purpose. No unnecessary words.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
The tool is a scanner but the description does not explain the output format or what the results look like. Since there is no output schema, the description should provide this context, which is missing.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema coverage is 100% and both parameters are described in the schema. The description adds no extra meaning beyond the schema, so baseline 3 is given.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states that the tool detects patterns of string concatenation or unsafe raw methods when creating queries, which specifically identifies SQL injection vulnerabilities. This distinguishes it from sibling tools like scan_xss.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No guidance is provided on when to use this tool versus alternative security scanners. The description does not mention prerequisites, exclusions, or comparisons with siblings.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/halitartuc/phpustik'
If you have feedback or need assistance with the MCP directory API, please join our Discord server