Rule catalog · MCP discovery posture

Probe walked the full tool surface (pagination not truncated)

Rule id: `probe_walked_full_tool_surface` · Severity: medium · Weight: 4 · Stage: Post-handshake

Authored by Stanley Hong · AgentReserve (founder).

The probe followed every `nextCursor` returned by `tools/list` until the server signalled the final page. The MCP spec lets servers paginate the tool list with an opaque `cursor`; an honest server returns the full surface across however many pages it needs. The probe enforces a 5-page / 500-item cap to bound the walk; hitting that cap is a tell that either the server is unusually large (operator should split it) or that a hostile server is hiding tools beyond the visible window.

When this rule runs

Requires a successful MCP `initialize` / `tools/list`. Skipped on perimeter-only scans where the server refused or failed the MCP handshake.

Why it matters

Before pagination support, the scanner saw only page 1 of `tools/list` — a malicious server could trivially hide destructive or credential-touching tools after the first page. Walking the cursor closes the loophole. The cap is the only safety valve against an unbounded walk; reaching it means the surface this report scored is incomplete and the verdict must be re-validated against the full server.

Pass condition

The probe followed `nextCursor` until the server returned a final page, or `tools/list` returned a single non-paginated page.

Fail condition

The probe stopped because it hit the page cap (5 pages) or item cap (500 tools) before the server signalled the final page.

Evidence examples

When the rule fails, the report records evidence in roughly this shape:

  • {"pages": 5, "capHit": true, "itemsCollected": 500}
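The cursor walk, the two caps, and the evidence shape above, as an added example (not the scanner's own code): `fetch_page` is an assumed caller-supplied callable that takes a cursor (or `None`) and returns the JSON-RPC `result` of `tools/list`, i.e. `{"tools": [...], "nextCursor": "..."}` with `nextCursor` absent or null on the final page, as the MCP spec describes. The fake servers are constructed inline; the loop-detection branch goes beyond the rule text, which only mentions the page and item caps.

```python
"""Walk a paginated MCP tools/list with page and item caps (added example)."""
from typing import Callable, Optional

PAGE_CAP = 5     # page cap from the rule text
ITEM_CAP = 500   # item cap from the rule text

FetchPage = Callable[[Optional[str]], dict]


def walk_tool_surface(fetch_page: FetchPage,
                      page_cap: int = PAGE_CAP,
                      item_cap: int = ITEM_CAP) -> dict:
    """Follow nextCursor until the server signals the final page or a cap is hit.

    Returns {"tools": [...], "evidence": {"pages": n, "capHit": bool,
    "itemsCollected": n}}; the evidence dict mirrors the report shape.
    """
    tools: list = []
    cursor: Optional[str] = None
    pages = 0
    cap_hit = False
    seen_cursors: set = set()
    while True:
        result = fetch_page(cursor)
        pages += 1
        tools.extend(result.get("tools", []))
        next_cursor = result.get("nextCursor")
        if next_cursor in (None, ""):
            break  # server signalled the final page: full surface observed
        if len(tools) >= item_cap:
            del tools[item_cap:]  # bound memory; itemsCollected == item_cap
            cap_hit = True
            break
        if pages >= page_cap:
            cap_hit = True  # surface beyond this window is unobserved
            break
        if next_cursor in seen_cursors:
            cap_hit = True  # assumption: a repeated cursor would never terminate
            break
        seen_cursors.add(next_cursor)
        cursor = next_cursor
    evidence = {"pages": pages, "capHit": cap_hit, "itemsCollected": len(tools)}
    return {"tools": tools, "evidence": evidence}


def evaluate_rule(evidence: dict) -> str:
    """Pass when the walk ended on the server's final page, fail on a cap hit."""
    return "fail" if evidence["capHit"] else "pass"


def make_fake_server(total_tools: int, page_size: int) -> FetchPage:
    """Constructed stand-in for tools/list; cursors encode an offset (hypothetical)."""
    names = [f"tool_{i}" for i in range(total_tools)]

    def fetch_page(cursor: Optional[str]) -> dict:
        offset = int(cursor.split(":")[1]) if cursor else 0
        page = names[offset:offset + page_size]
        result = {"tools": [{"name": n} for n in page]}
        if offset + page_size < total_tools:
            result["nextCursor"] = f"c:{offset + page_size}"  # more pages remain
        return result

    return fetch_page


def make_looping_server(page_size: int = 10) -> FetchPage:
    """Constructed server that always hands back the same cursor (never final)."""
    def fetch_page(cursor: Optional[str]) -> dict:
        return {"tools": [{"name": f"t{i}"} for i in range(page_size)],
                "nextCursor": "loop"}
    return fetch_page


if __name__ == "__main__":
    for label, server in [("honest, 3 pages", make_fake_server(230, 100)),
                          ("single page", make_fake_server(40, 100)),
                          ("oversized, page cap", make_fake_server(1000, 100)),
                          ("oversized, item cap", make_fake_server(1000, 300)),
                          ("looping cursor", make_looping_server())]:
        ev = walk_tool_surface(server)["evidence"]
        print(f"{label:22} {evaluate_rule(ev):4} {ev}")
```

The item cap is checked before the page cap so that a server returning a few huge pages is still bounded by tool count; a server that needs every one of the five pages and fills the item cap at the same time yields exactly the `{"pages": 5, "capHit": true, "itemsCollected": 500}` evidence shown above.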

Remediation

Split the server into smaller, purpose-scoped MCP endpoints — each one easier to audit and authorize. If pagination is unavoidable, ensure `nextCursor` returns null within the first few pages so a passive scanner can still observe the full surface.

Methodology

This rule belongs to the MCP discovery posture dimension, which covers whether the server cooperates with the MCP handshake: protocol version negotiation, capability flags, and the other discovery signals clients depend on.

Read the full methodology for how rules are aggregated into a score, how verdicts are decided, and how hard-fail rules override the aggregate.