BloodHound MCP Server

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It describes what the tool does (retrieves controllers) and the purpose (identify access paths), but lacks critical behavioral details: whether this is a read-only operation, what format the results return, if there are rate limits, authentication requirements, or error conditions. The description doesn't contradict annotations (none exist), but provides minimal behavioral context.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is well-structured and appropriately sized. It begins with the core purpose, adds explanatory context about controllers, states the use case, and then documents parameters clearly. Every sentence adds value, though the second sentence ('Controllers are entities...') could be integrated more tightly with the first.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given 3 parameters, no annotations, and no output schema, the description is moderately complete. It adequately explains the parameters and purpose, but lacks information about return format, error handling, and behavioral constraints. For a read operation in what appears to be a security analysis context, more detail about result structure and limitations would be beneficial.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The description adds significant value beyond the input schema. The schema has 0% description coverage (only titles), but the description provides clear semantic explanations: 'group_id: The ID of the group to query', 'limit: Maximum number of controllers to return (default: 100)', 'skip: Number of controllers to skip for pagination (default: 0)'. This fully documents all three parameters with purpose and defaults.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Retrieves the controllers of a specific group in the domain.' It specifies the verb ('retrieves') and resource ('controllers of a specific group'), and distinguishes it from siblings like get_group_members or get_group_info. However, it doesn't explicitly differentiate from similar tools like get_computer_controllers or get_user_controllers beyond the group focus.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides implied usage context: 'This can be used to help identify paths to gain access to a specific group.' This suggests a security/access analysis use case. However, it doesn't explicitly state when to use this tool versus alternatives like get_group_admin_rights or get_group_controllables, nor does it mention prerequisites or exclusions.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.