All tools have descriptions

`all_tools_have_descriptions` · low · weight 3 · Post-handshake

Authored by Stanley Hong · AgentReserve (founder).

Every tool includes a non-empty `description`. Missing descriptions make capability review impossible without invoking the tool, which the scanner refuses to do.

When this rule runs

Requires a successful MCP `initialize` / `tools/list`. Skipped on perimeter-only scans where the server refused or failed the MCP handshake.

Why it matters

Capability review depends on descriptions. Without them, a reviewer cannot tell what the tool does without invoking it — which AgentReserve refuses to do, and which most cautious operators should refuse too.

Pass condition

Every advertised tool has a non-empty `description`.

Fail condition

One or more tools omit a description.

Evidence examples

When the rule fails, the report records evidence in roughly this shape:

  • {"missingFor": ["update_record"]}
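One way to implement this check over a `tools/list` result, as an added example (not AgentReserve's own code). The function name, the constructed sample response, and the choice to treat null, non-string and whitespace-only descriptions as missing are assumptions.

```python
import json

# Constructed sample: the `result` object of an MCP `tools/list` response.
SAMPLE_TOOLS_LIST = json.loads("""
{
  "tools": [
    {"name": "get_record", "description": "Fetch one record by id. Read-only.",
     "inputSchema": {"type": "object"}},
    {"name": "update_record", "inputSchema": {"type": "object"}},
    {"name": "delete_record", "description": "   ", "inputSchema": {"type": "object"}},
    {"name": "export_all", "description": null, "inputSchema": {"type": "object"}}
  ]
}
""")


def check_tool_descriptions(tools_list_result):
    """Evaluate the rule from metadata only; no tool is ever invoked.

    Returns (passed, evidence), where evidence uses the `missingFor`
    shape shown above and is None when the rule passes.
    """
    missing = []
    for index, tool in enumerate(tools_list_result.get("tools", [])):
        desc = tool.get("description") if isinstance(tool, dict) else None
        # Assumption: absent, null, non-string and whitespace-only values
        # all count as "no description" for review purposes.
        if not isinstance(desc, str) or not desc.strip():
            name = tool.get("name") if isinstance(tool, dict) else None
            # Fall back to a positional label so a nameless tool is still reported.
            missing.append(name if isinstance(name, str) and name else f"<tool #{index}>")
    if missing:
        return False, {"missingFor": missing}
    return True, None


if __name__ == "__main__":
    passed, evidence = check_tool_descriptions(SAMPLE_TOOLS_LIST)
    print("PASS" if passed else "FAIL", json.dumps(evidence))
```
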

Remediation

Add a one- or two-sentence description for each tool, written for a human reviewer who has not seen the source code.

Methodology

This rule belongs to the Metadata transparency dimension, which covers whether the server identifies itself and documents its tools, and whether the advertised identity matches the wire identity (cert CN/SAN, hostname). Operators need a stable name, a version, and an internally consistent identity claim to perform any kind of audit.

Read the full methodology for how rules are aggregated into a score, how verdicts are decided, and how hard-fail rules override the aggregate.