mcp-keycloak

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. While 'reset' implies a mutation, the description doesn't address critical behavioral aspects: whether this requires admin privileges, whether it invalidates existing sessions, what happens if the user is currently logged in, or potential rate limits. For a security-sensitive operation with zero annotation coverage, this is inadequate.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is appropriately sized and well-structured with clear sections for Args and Returns. Each sentence serves a purpose: the first states the core function, followed by parameter explanations. There's no wasted text, though the 'Returns' section could be slightly more informative beyond 'Status message'.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given this is a mutation tool with no annotations but with an output schema, the description is minimally adequate. It covers the basic purpose and parameters but lacks important context about permissions, security implications, and error conditions. The existence of an output schema means the description doesn't need to detail return values, but it should address more behavioral aspects for a sensitive operation like password reset.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 0% schema description coverage, the description adds substantial value by explaining all 4 parameters. It clarifies that 'user_id' identifies the target user, 'password' is the new password, 'temporary' forces password change on next login, and 'realm' is optional with a default. This compensates well for the schema's lack of descriptions, though it doesn't specify password complexity requirements or realm format.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the action ('reset') and resource ('user's password'), making the purpose immediately understandable. It distinguishes this from other user management tools like 'update_user' or 'delete_user' by focusing specifically on password reset functionality. However, it doesn't explicitly differentiate from potential sibling tools like 'logout_user' or 'remove_all_user_sessions' that might also affect user access.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides no guidance on when to use this tool versus alternatives. It doesn't mention prerequisites (e.g., needing admin permissions), when password resets are appropriate versus other user management actions, or what happens if the user is currently logged in. With multiple sibling tools for user management, this lack of contextual guidance is a significant gap.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.