mcp-shield

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden of behavioral disclosure. It mentions the scanning action and targets but does not describe what the tool returns (e.g., report format, findings), potential side effects (e.g., file system access, performance impact), or any constraints like permissions needed or rate limits. This leaves significant gaps for a security scanning tool.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is two sentences with zero waste: the first sentence specifies the action and targets, and the second provides usage context. It is appropriately sized and front-loaded with the core purpose, making it efficient and easy to parse.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity of a security scanning tool, no annotations, and no output schema, the description is incomplete. It lacks details on what the scan returns (e.g., findings, errors), behavioral traits like safety or performance, and does not compensate for the absence of structured output information, making it inadequate for full agent understanding.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

Schema description coverage is 100%, with the single parameter 'path' well-documented in the schema as 'Absolute or relative path to the MCP server directory'. The description does not add any additional meaning or examples beyond what the schema provides, so it meets the baseline for high coverage without extra value.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose with specific verbs ('scan', 'for') and resources ('local MCP server directory'), listing concrete targets like backdoors, exfiltration code, obfuscation, and dangerous patterns. It distinguishes from siblings by focusing on directory scanning rather than supply chain, prompt injection, or package analysis.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides clear context for when to use this tool ('for MCP servers installed locally or cloned from GitHub'), but it does not explicitly state when not to use it or name alternatives among the sibling tools. The guidance is helpful but lacks explicit exclusions or comparisons.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.