decode_protocol

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

The description discloses the output format (tab-separated table) and size benefit ('much smaller than full JSON'), and mentions the underlying tshark command. Annotations already declare readOnlyHint=true, and the description adds relevant behavioral context without contradiction.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

Three sentences, each carrying distinct value: purpose and method, protocol options, and output/filter guidance. No redundant or filler content.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a 5-parameter tool without output schema, the description covers purpose, input, output format, supported protocols, custom fields, and filter usage. It omits error handling details but is otherwise thorough and actionable.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema coverage is 100%, but the description adds meaning beyond descriptions: it explains the relationship between protocol and fields (curated defaults vs custom), imposes a max of 20 fields, clarifies filter ANDs with protocol filter, and notes default packet_count of 50.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool extracts protocol-specific fields from pcap files using tshark '-T fields', lists supported protocols, and allows custom fields. It distinguishes itself from sibling tools like read_pcap (full dump) and export_json (JSON output) by specifying tab-separated output.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides explicit context: use curated defaults for supported protocols, supply custom fields for others, and apply optional filters. It lacks explicit when-not-to-use scenarios but implies alternatives through sibling tool names and the focus on field extraction.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.