auth

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations, the description carries full burden. It discloses key behaviors: saving env var persists to .env, OAuth runs a browser flow for http transport. It does not mention any destructive actions or rate limits, but the provided behaviors are sufficient for understanding the tool's side effects.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is extremely concise, using a single line summary followed by four terse examples. Every sentence adds value; there is no fluff. The front-loaded summary quickly orients the agent.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (multiple modes) and the presence of an output schema (not shown but exists), the description covers the main contexts: setting, checking, server auth, OAuth. It does not elaborate on return values, but the output schema likely handles that. The description is complete enough for a well-informed agent.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 0%, but the description adds meaning through examples: 'EXA_API_KEY' for env vars, 'mcp-server-time' for server auth, 'my-oauth-server' for OAuth. It also shows the optional value parameter for setting. The meaning is clear, though some edge cases (e.g., valid identifiers) are not fully explained.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states 'Check or set credentials for a server or environment variable' and provides specific usage examples showing three distinct modes. This distinguishes it from siblings like search or status, which handle different concerns. The verb-resource combination is specific and unambiguous.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implicitly guides when to use each mode via examples: setting a variable with two arguments, checking with one, server auth requirements with a server ID, and OAuth with an OAuth server. However, it does not explicitly state when not to use this tool or mention alternatives, although no sibling tool covers auth.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.