Implements WebMCP tool annotations (readOnlyHint, destructiveHint, idempotentHint) to inform browser permission prompts and agent behavior when marking tools with safety metadata.
npx claudepluginhub orcaqubits/agentic-commerce-skills-plugins --plugin webmcp-browser-agentsThis skill is limited to using the following tools:
**Fetch live docs**:
Guides Next.js Cache Components and Partial Prerendering (PPR) with cacheComponents enabled. Implements 'use cache', cacheLife(), cacheTag(), revalidateTag(), static/dynamic optimization, and cache debugging.
Migrates code, prompts, and API calls from Claude Sonnet 4.0/4.5 or Opus 4.1 to Opus 4.5, updating model strings on Anthropic, AWS, GCP, Azure platforms.
Automates semantic versioning and release workflow for Claude Code plugins: bumps versions in package.json, marketplace.json, plugin.json; verifies builds; creates git tags, GitHub releases, changelogs.
Fetch live docs:
https://webmachinelearning.github.io/webmcp/ for the annotations specificationwebmcp tool annotations readOnlyHint destructiveHint idempotentHint for annotation field detailssite:developer.chrome.com webmcp annotations permissions for how Chrome uses annotationssite:github.com mcp-b annotations for polyfill support for annotationsTool annotations are optional metadata attached to a tool definition that inform the browser and agent about the tool's behavior and safety characteristics. The browser uses annotations to decide whether to prompt the user for confirmation before allowing agent invocation.
| Annotation | Type | Default | Meaning |
|---|---|---|---|
readOnlyHint | boolean | false | Tool only reads data, does not modify any state |
destructiveHint | boolean | false | Tool performs irreversible or significant actions |
idempotentHint | boolean | false | Multiple calls with the same input produce the same effect as one call |
| readOnly | destructive | idempotent | Example | Browser Behavior |
|---|---|---|---|---|
| true | false | true | searchProducts | Likely auto-approved |
| false | false | true | addToCart | May auto-approve or prompt once |
| false | false | false | updateProfile | Likely prompts user |
| false | true | false | placeOrder | Always prompts user |
| false | true | true | cancelSubscription | Always prompts user (destructive overrides) |
| Tool | readOnly | destructive | idempotent |
|---|---|---|---|
searchProducts | true | false | true |
viewProductDetails | true | false | true |
getCartContents | true | false | true |
addToCart | false | false | true |
removeFromCart | false | false | true |
updateCartQuantity | false | false | true |
applyCoupon | false | false | true |
checkout | false | true | false |
placeOrder | false | true | false |
initiateReturn | false | true | false |
cancelOrder | false | true | false |
deleteAccount | false | true | false |
updateShippingAddress | false | false | true |
getOrderHistory | true | false | true |
navigator.modelContext.registerTool({
name: "searchProducts",
description: "Search the product catalog",
inputSchema: { /* ... */ },
annotations: {
readOnlyHint: true,
idempotentHint: true
},
async execute(input) { /* ... */ }
});
navigator.modelContext.registerTool({
name: "placeOrder",
description: "Complete the purchase and charge the payment method",
inputSchema: { /* ... */ },
annotations: {
destructiveHint: true
},
async execute(input, client) { /* ... with requestUserInteraction */ }
});
Incorrect annotations are a security risk:
readOnlyHint: true could let agents bypass user confirmationdestructiveHint: true creates unnecessary frictiondestructiveHint with requestUserInteraction() for defense-in-depthFetch the specification for any new annotation types, exact field names, and browser interpretation rules before implementing.