Identify critical Active Directory accounts and groups with privileged access to help security teams prioritize remediation efforts in BloodHound MCP environments.
List high value target(s)
| Name | Required | Description | Default |
|---|---|---|---|
| domain | Yes |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations provided, the description carries the full burden of behavioral disclosure but provides none. It doesn't indicate whether this is a read-only operation, what permissions might be required, whether it performs active scanning or queries existing data, what format the output takes, or any rate limits or constraints. The single sentence offers zero behavioral context beyond the basic action implied by 'List'.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
While technically concise with just three words, this represents under-specification rather than effective conciseness. The description is so brief that it fails to provide meaningful information. There's no structure or front-loading of important details - it's a minimal phrase that doesn't help the agent understand when or how to use this tool effectively.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given the complexity implied by the security-focused sibling tools, the lack of annotations, 0% schema description coverage, no output schema, and a single undocumented parameter, this description is completely inadequate. It provides no context about what 'high value targets' means in this domain, how results are returned, what security implications the tool has, or how it differs from numerous similar tools. The description fails to compensate for the complete lack of structured documentation.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
The description provides no information about the single required 'domain' parameter. With 0% schema description coverage (the schema only provides parameter name and type), the description fails completely to explain what the domain parameter represents, what format it expects, or how it affects the tool's behavior. For a tool with one undocumented parameter, this represents a significant gap in parameter documentation.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description 'List high value target(s)' is essentially a tautology that restates the tool name with minimal elaboration. It provides a basic verb ('List') and object ('high value target(s)'), but lacks specificity about what constitutes 'high value targets' in this security context or how this differs from the many other listing tools in the sibling set. The purpose is vague compared to more specific sibling tools like 'list_all_enabled_users_with_password_never_expires' or 'list_esc1_vulnerable_certificate_templates'.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description provides absolutely no guidance on when to use this tool versus alternatives. With 85+ sibling tools that perform various security enumeration and listing functions, there's no indication of what makes this tool distinct or when it should be selected over other tools like 'list_all_owned_enabled_users' or 'route_from_owned_enabled_principals_to_high_value_targets'. The agent receives no usage context, prerequisites, or differentiation criteria.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/stevenyu113228/BloodHound-MCP'
If you have feedback or need assistance with the MCP directory API, please join our Discord server