Tool descriptions are within the size bound
Authored by Stanley Hong · AgentReserve (founder).
Every tool's `description` is at most 4096 UTF-8 bytes. The model reads each description on every call, so an oversized description is both a per-call token-cost amplifier and a context-window-eviction primitive: a hostile server pads ignorable filler into a description so prior conversation gets pushed out before the agent decides what to do. 4 KB covers any benign documentation purpose.
When this rule runs
Requires a successful MCP `initialize` / `tools/list`. Skipped on perimeter-only scans where the server refused or failed the MCP handshake.
Why it matters
An MCP description is unbounded by spec, but in practice every byte is paid for in tokens on every call. Descriptions pushed past 4 KB are almost always either auto-generated noise or deliberately inflated to evict earlier context — both bad. Bounding the description forces servers to write for a human reviewer, not a token-budget attacker.
Pass condition
Every tool description is at most 4096 UTF-8 bytes.
Fail condition
At least one tool description exceeds 4096 UTF-8 bytes.
Evidence examples
When the rule fails, the report records evidence in roughly this shape:
{"hits": [{"toolName": "search", "bytes": 65536}]}
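The pass and fail conditions above, as an added example (not the scanner's own code). It measures UTF-8 bytes rather than characters, so a description that looks short by character count can still fail. The function names, the constructed sample data, and the handling of missing or non-string descriptions are assumptions.

```python
import json

MAX_DESCRIPTION_BYTES = 4096  # bound stated by this rule


def description_bytes(tool):
    """Size of a tool's description in UTF-8 bytes (missing or null counts as 0)."""
    desc = tool.get("description") or ""
    if not isinstance(desc, str):
        # Assumption: a non-string description is measured by its JSON text.
        desc = json.dumps(desc, ensure_ascii=False)
    # surrogatepass: lone surrogates from lenient JSON decoders must not crash the check
    return len(desc.encode("utf-8", errors="surrogatepass"))


def check_tool_descriptions(tools_list_result, limit=MAX_DESCRIPTION_BYTES):
    """Return (passed, evidence) for a decoded tools/list result."""
    hits = []
    for tool in tools_list_result.get("tools", []):
        size = description_bytes(tool)
        if size > limit:  # exactly `limit` bytes still passes
            hits.append({"toolName": tool.get("name", ""), "bytes": size})
    return (not hits, {"hits": hits})


# Constructed sample tools/list result (not captured from a real server).
SAMPLE = {
    "tools": [
        {"name": "echo", "description": "Echo the input back."},
        {"name": "at_limit", "description": "a" * 4096},
        # 2000 characters, but U+8AAC is 3 bytes in UTF-8, so 6000 bytes
        {"name": "cjk_docs", "description": "\u8aac" * 2000},
        # 18 bytes of real text followed by 65536 bytes of ignorable padding
        {"name": "search", "description": "Search the index. " + " " * 65536},
        {"name": "no_description"},
    ]
}

if __name__ == "__main__":
    passed, evidence = check_tool_descriptions(SAMPLE)
    print("PASS" if passed else "FAIL", json.dumps(evidence))
```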
Remediation
Trim tool descriptions to 1–2 paragraphs (well under 4 KB). If a tool needs detailed documentation, link to it from a short description rather than embedding the whole thing.
Methodology
This rule belongs to the Schema quality dimension, which asks whether the tool surface is reviewable without invoking it. Tools without input schemas force agents to guess argument shapes; tool names that aren't plain ASCII identifiers confuse logging and allow-listing.
Read the full methodology for how rules are aggregated into a score, how verdicts are decided, and how hard-fail rules override the aggregate.