Scan WeChat mini program projects to detect security issues such as exposed keys, sensitive logs, permission misconfigurations, and test residues before release.
小程序上线专项安全快扫,检查密钥字段、敏感日志、数据库权限、云存储访问、云函数权限、隐私字段、测试残留和配置边界。
| Name | Required | Description | Default |
|---|---|---|---|
| projectPath | No | ||
| limit | No | 最多扫描多少个安全文本文件,默认 1200。 | |
| maxFindings | No | 最多返回多少条发现,默认 120。 |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries full behavioral disclosure burden. It lists checked areas but does not specify if the tool is read-only, whether it modifies state, requires special permissions, or how results are processed. 'Quick scan' lacks behavioral detail.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
Single sentence in Chinese, efficient and front-loaded. No fluff; every part contributes to understanding the tool's core function.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given no output schema and no annotations, the description omits critical context: output format, side effects, prerequisites (e.g., project must exist), and whether results persist. The tool appears complex but is underexplained.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
Schema has three parameters with 67% description coverage. The description mentions '扫描多少个安全文本文件' (how many security text files to scan) indirectly explaining 'limit', and uses '最多返回多少条发现' (max findings) for 'maxFindings'. However, 'projectPath' lacks context beyond the tool's purpose, so description adds moderate value.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly states the tool's purpose: a security quick scan for mini-program launch, checking specific security aspects like keys, sensitive logs, permissions, etc. It distinguishes itself from sibling tools by focusing solely on security scanning, using the verb '检查' (check).
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
No explicit guidance on when to use this tool versus alternatives. The description implies pre-launch usage but does not mention exclusions or alternative tools for different security needs. Among siblings, tools like 'miniapp_launch_checklist' or 'miniapp_inspect_project' exist without differentiation.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/lychee20000105/wechat-miniapp-engineering-mcp'
If you have feedback or need assistance with the MCP directory API, please join our Discord server