BloodHound MCP Server

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries full burden for behavioral disclosure. It mentions the security implications of SQL administrative rights but doesn't describe what the tool actually returns (format, structure), whether it requires specific permissions, rate limits, or error conditions. The pagination behavior is only partially covered in the parameter section.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured with a clear purpose statement followed by context about SQL administrative rights, then a dedicated parameter section. Every sentence adds value, though the security context sentence could be more integrated with usage guidance.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

For a query tool with 3 parameters and no output schema, the description adequately covers the purpose and parameters. However, it lacks details about return format, error handling, and authentication requirements. The security context is helpful but doesn't fully compensate for missing behavioral transparency.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description includes an 'Args' section that documents all three parameters with clear explanations of their purpose. With 0% schema description coverage, this fully compensates by providing computer_id as 'The ID of the computer to query', limit as 'Maximum number of SQL administrative rights to return', and skip as 'Number of SQL administrative rights to skip for pagination'.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('retrieves'), resource ('SQL administrative rights'), and scope ('of a specific computer within the domain'). It distinguishes from sibling tools like get_computer_admin_rights and get_user_sql_admin_rights by specifying it's about SQL administrative rights for computers.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description implies usage context by mentioning SQL administrative rights can be abused for lateral movement and privilege escalation, suggesting security assessment scenarios. However, it doesn't explicitly state when to use this tool versus alternatives like get_computer_admin_rights or get_user_sql_admin_rights, nor does it provide any exclusion criteria.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.