Scans source code for hardcoded secrets such as API keys, database passwords, and tokens, generating a report with file names and line numbers.
소스코드 파일이나 디렉토리를 커밋 전에 스캔하여 하드코딩된 AWS/GCP/Slack API 키, DB 비밀번호, JWT 토큰 등을 탐지하고 파일명 및 라인 번호를 포함한 경고 보고서를 생성합니다.
| Name | Required | Description | Default |
|---|---|---|---|
| files | Yes | 스캔할 소스코드 파일 목록 | |
| entropy_threshold | No | 엔트로피 임계값 (기본값: 4.5, 높을수록 민감도 낮음) | |
| output_format | No | 출력 포맷: report | json | sarif |
Does the description disclose side effects, auth requirements, rate limits, or destructive behavior?
With no annotations, the description bears full responsibility for behavioral disclosure. It states the tool scans and generates a report but omits details like whether it modifies files, performance impact, or file size limits. This is adequate but could be more thorough.
Agents need to know what a tool does to the world before calling it. Descriptions should go beyond structured annotations to explain consequences.
Is the description appropriately sized, front-loaded, and free of redundancy?
The description is a single, well-structured sentence that efficiently conveys the tool's purpose and output. Every part adds value without redundancy.
Shorter descriptions cost fewer tokens and are easier for agents to parse. Every sentence should earn its place.
Given the tool's complexity, does the description cover enough for an agent to succeed on first attempt?
Given full schema parameter coverage and the description explaining the output (warning report with file names and line numbers), the description is largely complete. Minor missing details (e.g., report format structure) prevent a perfect score.
Complex tools with many parameters or behaviors need more documentation. Simple tools need less. This dimension scales expectations accordingly.
Does the description clarify parameter syntax, constraints, interactions, or defaults beyond what the schema provides?
All three parameters have descriptions in the schema (100% coverage). The tool description adds no additional semantic meaning beyond providing the overall context of pre-commit scanning. Thus, baseline of 3 is appropriate.
Input schemas describe structure but not intent. Descriptions should explain non-obvious parameter relationships and valid value ranges.
Does the description clearly state what the tool does and how it differs from similar tools?
The description clearly identifies the tool as a scanner for secrets in source code, specifically mentioning targeted types (AWS/GCP/Slack API keys, DB passwords, JWT tokens) and the output (warning report with file names and line numbers). This specificity distinguishes it from sibling tools like disassemble_binary or execute_sandbox.
Agents choose between tools based on descriptions. A clear purpose with a specific verb and resource helps agents select the right tool.
Does the description explain when to use this tool, when not to, or what alternatives exist?
The description specifies the tool should be used 'before commit,' providing clear context for its usage. However, it does not explicitly mention when not to use it or alternative tools, which would further aid decision-making.
Agents often have multiple tools that could apply. Explicit usage guidance like "use X instead of Y when Z" prevents misuse.
We provide all the information about MCP servers via our MCP API.
curl -X GET 'https://glama.ai/api/mcp/v1/servers/uno-km/MCP-Advanced-Toolkit'
If you have feedback or need assistance with the MCP directory API, please join our Discord server