get_ip_info

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It effectively describes key behaviors: it's a read-only retrieval tool (implied by 'Retrieve', 'extracts'), mentions that it returns data from a 'completed analysis', specifies that an empty array is returned if no IPs were gathered, and details the structure and semantics of the return data including severity classifications. However, it lacks information on error conditions, rate limits, or authentication requirements.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with clear sections (purpose, args, returns, notes) and front-loaded key information. While comprehensive, some sentences could be more concise (e.g., the explanation of 'only_malicious_indicators' uses multiple sentences where one might suffice). Overall, it efficiently conveys necessary information without significant waste.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the tool's moderate complexity (4 parameters, no annotations, no output schema), the description provides excellent completeness. It covers the purpose, all parameter semantics, detailed return structure with nested object explanations, and important behavioral notes. The description fully compensates for the lack of structured metadata, making the tool's functionality clear to an AI agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

With 0% schema description coverage (titles only provide parameter names), the description fully compensates by providing detailed semantic explanations for all four parameters. It clearly explains the purpose of 'webid' as the submission ID, 'run' as the sandbox run index, and provides nuanced explanations for the two boolean filters including their default behaviors and the implications of setting them to True or False.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Retrieve', 'extracts') and resource ('IP addresses in a completed analysis', 'IP addresses gathered by the sandbox engine'), distinguishing it from sibling tools like get_domain_info or get_url_info by focusing exclusively on IP addresses. It precisely defines what the tool does without being tautological.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context for when to use this tool: for retrieving IP addresses from a completed sandbox analysis. It mentions optional filtering parameters for controlling output based on severity, but does not explicitly state when to use this tool versus alternatives like get_analysis_info or search_analysis, nor does it provide exclusion criteria or prerequisites.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.