Tool count is reasonable
Authored by Stanley Hong · AgentReserve (founder).
Servers exposing a very large number of tools (>50) increase the agent's blast radius. Smaller, focused servers are easier to audit and reason about.
When this rule runs
Requires a successful MCP `initialize` / `tools/list`. Skipped on perimeter-only scans where the server refused or failed the MCP handshake.
Why it matters
A sprawling tool surface is harder to audit and gives an agent more ways to do unintended things. Smaller, focused servers are easier to reason about and easier to constrain.
Pass condition
The server advertises 50 or fewer tools via `tools/list`.
Fail condition
The server advertises more than 50 tools.
Evidence examples
When the rule fails, the report records evidence in roughly this shape:
{"count": 84, "threshold": 50}
Remediation
Split large servers into smaller, purpose-scoped ones — one server per coherent capability domain — so each surface can be reviewed and authorized independently.
Methodology
This rule belongs to the Exposure minimization dimension, which assesses whether the server keeps its surface small. Large, sprawling tool sets expand the agent's blast radius and are harder to review.
Read the full methodology for how rules are aggregated into a score, how verdicts are decided, and how hard-fail rules override the aggregate.