Latest release: v1.0.0Download zip
Capabilities
Compatibility
Security Scan
OpenClaw
Benign
medium confidencePurpose & Capability
The artifacts are coherent for WebMCP/browser-agent development guidance, including tool registration, commerce workflows, authentication, polyfills, and MCP bridging. The notable capability is that the examples cover actions like checkout, account changes, and session-based tool execution.
Instruction Scope
The skill repeatedly instructs the agent to fetch or search current WebMCP documentation before writing code. This is purpose-aligned for an evolving browser API, but users should expect external web content to influence generated implementations.
Install Mechanism
No install spec, required binaries, required environment variables, or package dependencies are declared. The included Python script is a local secret-checking helper and is not referenced as an automatic installer or runtime component in the visible manifest.
Credentials
The guidance is explicit that WebMCP tools run in the browser page context and can use the user's authenticated session, cookies, and same-origin APIs. This is central to the stated purpose and the docs include mitigations such as server-side validation, CSRF protection, and user confirmation.
Persistence & Privilege
The skill discusses registering tools and providing page context during browser sessions, but also recommends unregistering or clearing context on navigation/logout. No hidden background persistence or privilege escalation is shown in the provided artifacts.
Assessment
This skill looks safe to install as development guidance. Before using its patterns in production, review any generated WebMCP tools for least privilege, require explicit confirmation for purchases or account changes, avoid exposing tokens or sensitive personal data to agents, and verify/pin any external polyfill packages or documentation-derived code.