
Tool descriptions do not collide with other registered servers

`tool_descriptions_unique_across_servers` · medium · weight 4 · Post-handshake

Authored by Stanley Hong · AgentReserve (founder).

No tool description on this server also appears on any other distinct server in the AgentReserve fingerprint store. Cross-server collisions catch the camouflage pattern where a malicious server clones a benign server's tool description verbatim, as well as broader campaigns that ship multiple servers all advertising the same suspect description. This rule is the companion to `tool_surface_has_no_duplicate_descriptions`, which catches duplicates inside the *same* scan; this rule looks across history.

When this rule runs

Requires a successful MCP `initialize` / `tools/list`. Skipped on perimeter-only scans where the server refused or failed the MCP handshake.

Why it matters

A description shared across two unrelated servers is rarely a benign coincidence: either one is plagiarising another's documentation (the lazy case) or both are part of a coordinated campaign that ships a single payload under multiple names (the rug-pull case). Both warrant operator review before extending trust. The fingerprint store is in-tree; cross-server matching uses an indexed sha256 hash and adds one DB round-trip per scan.

Pass condition

No tool description on the current scan matches a description fingerprint observed on any other server.

Fail condition

At least one tool description on the current scan also appears in the fingerprint store under a different server.

Evidence examples

When the rule fails, the report records evidence in roughly this shape:

  • {"hits": [{"toolName": "summarize", "otherServerCount": 2}]}
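The lookup and the evidence shape above can be sketched as follows. This is an added example, not AgentReserve's own code: the SQLite schema, the choice to hash each description verbatim as UTF-8, and the server names are assumptions made for illustration.

```python
import hashlib
import sqlite3

def fingerprint(description):
    # Assumption: the description is hashed verbatim as UTF-8, with no normalization.
    return hashlib.sha256(description.encode("utf-8")).hexdigest()

def open_store():
    # Hypothetical schema: one row per (server, tool, description hash) observed.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE fingerprints (server_id TEXT, tool_name TEXT, desc_sha256 TEXT)")
    db.execute("CREATE INDEX idx_desc ON fingerprints (desc_sha256)")
    return db

def record_scan(db, server_id, tools):
    db.executemany(
        "INSERT INTO fingerprints VALUES (?, ?, ?)",
        [(server_id, t["name"], fingerprint(t["description"])) for t in tools],
    )

def check_unique_across_servers(db, server_id, tools):
    """Return (passed, evidence) for the current scan's tools/list result."""
    by_hash = {}
    for t in tools:
        by_hash.setdefault(fingerprint(t["description"]), []).append(t["name"])
    if not by_hash:
        return True, {"hits": []}
    marks = ",".join("?" * len(by_hash))
    # One round-trip: count distinct OTHER servers per description hash.
    rows = db.execute(
        f"SELECT desc_sha256, COUNT(DISTINCT server_id) FROM fingerprints "
        f"WHERE desc_sha256 IN ({marks}) AND server_id != ? GROUP BY desc_sha256",
        [*by_hash, server_id],
    ).fetchall()
    hits = [{"toolName": name, "otherServerCount": n}
            for h, n in rows for name in by_hash[h]]
    return not hits, {"hits": sorted(hits, key=lambda x: x["toolName"])}

# Constructed sample data: two servers in the store already share one description.
SUMMARIZE = "Summarize the provided text in three sentences."
store = open_store()
record_scan(store, "server-a.example", [{"name": "summarize", "description": SUMMARIZE}])
record_scan(store, "server-b.example", [{"name": "digest", "description": SUMMARIZE}])
current = [{"name": "summarize", "description": SUMMARIZE},
           {"name": "ping", "description": "Return pong for liveness checks."}]
passed, evidence = check_unique_across_servers(store, "server-c.example", current)
print(passed, evidence)
```

Because the sketch hashes descriptions verbatim, a clone that changes even one character produces a different fingerprint and does not register as a hit.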

Remediation

Investigate the collision before extending trust. If you copied a description from another MCP server, rewrite it for your own; if a malicious server has copied yours, file a takedown request and rotate any approvals that matched on the description.

Methodology

This rule belongs to the Metadata transparency dimension, which covers whether the server identifies itself and documents its tools, and whether the advertised identity matches the wire identity (cert CN/SAN, hostname). Operators need a stable name, a version, and an internally consistent identity claim to perform any kind of audit.

Read the full methodology for how rules are aggregated into a score, how verdicts are decided, and how hard-fail rules override the aggregate.