set_api_auth

Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?

With no annotations provided, the description carries the full burden of behavioral disclosure. It successfully discloses the critical security behavior that env_var credentials are 'never stored on disk' and resolved at request time. However, it omits other important behavioral traits for a configuration tool: whether this overwrites existing auth, validation behavior, and idempotency semantics.

Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.

Is the description appropriately sized, front-loaded, and free of redundancy?

The description consists of three tightly constructed sentences with zero waste: sentence 1 establishes purpose, sentence 2 enumerates capabilities, and sentence 3 provides critical security guidance. Information is front-loaded and every clause earns its place.

Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.

Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?

Given the 100% schema coverage and lack of output schema, the description adequately covers the primary function. However, for a configuration/mutation tool with zero annotations indicating side effects or safety, the description should disclose overwrite behavior and validation semantics to be considered complete. As is, it leaves operational questions unanswered.

Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.

Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?

While the schema has 100% coverage (baseline 3), the description adds meaningful semantic context beyond the schema. Specifically, it clarifies the security implication of the env_var parameter ('never stored on disk'), which is not explicitly stated in the schema's technical description of the parameter, and maps the auth types to their transport mechanisms (header vs query param).

Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.

Does the description clearly state what the tool does and how it differs from similar tools?

The description clearly states the specific action ('Configure authentication') and resource ('for an API'), and enumerates supported auth types (API key header/query, bearer). It implicitly distinguishes from siblings like call_api or register_api by focusing specifically on auth configuration, though it could explicitly clarify this is a prerequisite for call_api.

Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.

Does the description explain when to use this tool, when not to, or what alternatives exist?

The description provides internal guidance on parameter selection ('Use env_var to reference a secret'), helping users choose between credential and env_var parameters. However, it lacks explicit workflow guidance regarding when to use this tool versus siblings (e.g., 'use this before call_api') or prerequisites for invocation.

Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.