Audits and implements WebMCP security: permission model, honest descriptions, data minimization, input validation, fingerprinting prevention, fraud mitigations. Use for tool implementations.
npx claudepluginhub orcaqubits/agentic-commerce-skills-plugins --plugin webmcp-browser-agents

This skill is limited to using the following tools:
**Fetch live docs**:
- https://webmachinelearning.github.io/webmcp/ for security-related sections of the specification
- webmcp security privacy permission model for security architecture details
- site:github.com mcp-b security for polyfill security guidelines
- webmcp fingerprinting data minimization for privacy best practices

WebMCP's security model is permission-first:
destructiveHint, readOnlyHint) inform browser permission decisions

| Threat | Description | Mitigation |
|---|---|---|
| Deceptive tool descriptions | Tool named "addToCart" actually charges the user | Honest descriptions; browser/audit verification |
| Agent hallucination | Agent calls wrong tool or passes bad parameters | Schema validation; user confirmation for high-risk tools |
| Over-parameterization | Tool requests excessive personal data from agent | Data minimization; server-side session lookups |
| Fingerprinting | Tool parameters reveal user attributes | Minimal input schemas; avoid asking for identity data |
| Rapid automation abuse | Agent makes rapid repeated transactions | Server-side rate limiting; CAPTCHA for bulk operations |
| Cross-origin data leak | Tool exposes data from another origin | Same-origin enforcement; browser sandboxing |
| Session hijacking | Tool's session exploited by malicious agent | Standard CSRF protection; secure cookie flags |
| Prompt injection | Malicious content in tool results manipulates agent | Output sanitization; structured JSON responses |
Tool descriptions are a critical security surface:
addToCart that actually calls placeOrder

Minimize the data tools request from agents:
Bad — over-parameterized:

```javascript
// DON'T: asking agent to supply user's personal data
inputSchema: {
  properties: {
    userId: { type: "string" },
    email: { type: "string" },
    shippingAddress: { type: "object" },
    creditCardLast4: { type: "string" }
  }
}
```
Good — minimal, server-side lookup:

```javascript
// DO: only take what's needed, look up user data server-side
inputSchema: {
  properties: {
    productId: { type: "string" },
    quantity: { type: "integer" }
  }
}
// execute callback uses session cookies to identify the user server-side
```
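An added example (not code from the page or the WebMCP project) that combines the minimal schema above with the input validation the next section calls for: unknown or malformed fields are rejected before execute does any work, and the user's identity is never taken from the agent. The `annotations` object holding readOnlyHint/destructiveHint, the injected `backend`, and leaving out browser registration are assumptions.

```javascript
// Added example, not from the page or the WebMCP project. Object shape follows
// the page's fragments; browser registration is assumed and omitted (runs in Node).
const addToCartSchema = {
  type: "object",
  properties: {
    productId: { type: "string", minLength: 1, maxLength: 64 },
    quantity: { type: "integer", minimum: 1, maximum: 10 },
  },
  required: ["productId", "quantity"],
  additionalProperties: false, // unknown fields (e.g. identity data) are rejected
};
// Dependency-free validator for just the keywords used above.
// Returns a list of problems; an empty list means the input is acceptable.
function validateToolInput(schema, input) {
  if (input === null || typeof input !== "object" || Array.isArray(input)) {
    return ["input must be a JSON object"];
  }
  const errors = [];
  for (const key of schema.required) {
    if (!(key in input)) errors.push(`missing required property: ${key}`);
  }
  for (const [key, value] of Object.entries(input)) {
    const p = schema.properties[key];
    if (!p) {
      errors.push(`unexpected property: ${key}`);
    } else if (p.type === "string") {
      if (typeof value !== "string") errors.push(`${key} must be a string`);
      else if (value.length < p.minLength || value.length > p.maxLength) errors.push(`${key} has invalid length`);
    } else if (p.type === "integer") {
      if (!Number.isInteger(value)) errors.push(`${key} must be an integer`);
      else if (value < p.minimum || value > p.maximum) errors.push(`${key} is out of range`);
    }
  }
  return errors;
}
// Honest name and description, minimal schema, annotation hints, and an execute callback
// that validates first. The user is never supplied by the agent: the hypothetical
// injected backend resolves it server-side from the session cookie.
const addToCartTool = {
  name: "addToCart",
  description: "Adds a product to the signed-in user's cart. Does not place an order or charge anything.",
  inputSchema: addToCartSchema,
  annotations: { readOnlyHint: false, destructiveHint: false },
  execute(input, backend) {
    const errors = validateToolInput(addToCartSchema, input);
    if (errors.length > 0) return { ok: false, errors };
    const { productId, quantity } = input; // forward only the validated fields
    return { ok: true, cart: backend.addToCart({ productId, quantity }) };
  },
};
```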
Always validate tool input:
execute is called

Protect against agent abuse:
Log all agent interactions:
- requestUserInteraction for financial actions
- destructiveHint set on all financial/irreversible tools
- requestUserInteraction used for purchases, deletions, and account changes
- clearContext() called on logout

Fetch the specification for the latest security requirements, permission model details, and browser enforcement behavior before auditing.