BloodHound MCP Server

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

No annotations are provided, so the description carries the full burden. It states the tool 'retrieves' information, implying a read-only operation, but doesn't disclose behavioral traits like authentication requirements, rate limits, error conditions, or whether it returns all user attributes or a subset. The reconnaissance context hints at security implications but lacks specifics on permissions or data sensitivity.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description is moderately concise with three sentences, but the structure could be improved. The first sentence clearly states the purpose, but the second is somewhat redundant ('general overview' repeats 'information'), and the third adds reconnaissance context without clear integration. The 'Args' section is helpful but not fully integrated into the flow.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the complexity (1 parameter, no annotations, no output schema), the description is incomplete. It covers the basic purpose and parameter but lacks details on behavioral traits (e.g., permissions, errors), output format, or how it differs from sibling tools. For a tool in a security/reconnaissance context with many related tools, more guidance is needed.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

The input schema has 1 parameter with 0% description coverage. The description includes an 'Args' section that documents 'user_id: The ID of the user to query,' adding semantic meaning beyond the schema's title ('User Id'). However, it doesn't specify the ID format (e.g., username, email, UUID) or provide examples, leaving gaps. With low schema coverage, this partial compensation earns a baseline score.

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the tool's purpose: 'Retrieves information about a specific user in a specific domain' with 'general overview of a user's information including their name, domain, and other attributes.' This specifies the verb (retrieves), resource (user information), and scope (domain). However, it doesn't explicitly differentiate from sibling tools like 'get_users' (which likely lists multiple users) or 'get_user_info' variants (e.g., 'get_user_admin_rights'), leaving room for improvement.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides minimal usage guidance: 'It can be used to conduct reconnaissance and start formulating and targeting users within the domain.' This implies a reconnaissance context but doesn't specify when to use this tool versus alternatives like 'get_users' for listing users or other user-specific tools (e.g., 'get_user_admin_rights'). No explicit when/when-not rules or prerequisites are mentioned.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.