webmcp 1.0.0

WebMCP Check v1.0.0

Status

• version: 1.0.0
• check identifier: webmcp
• input contract: [email protected]
• output contract: [email protected]
• scope: site-level WebMCP runtime, declarative, annotation, and static JSON compatibility evidence

Abstract

This check validates WebMCP evidence exposed by a page or origin. It covers current W3C draft runtime evidence through document.modelContext, MCP-B/polyfill compatibility through navigator.modelContext, declarative form attributes, MCP-aware HTML annotations, and static WebMCP JSON profiles such as tools[] manifests and WMCP interaction graphs.

Absence is a scanner warning. WebMCP is experimental, but this suite measures agent readiness, so a site with no WebMCP runtime, declarative annotation, compatibility annotation, or static WebMCP JSON evidence should not receive a silent informational result. Broken, unreachable, or unsafe WebMCP evidence can warn or fail.

Motivation

Agents that interact with web pages need reliable descriptions of available actions, parameters, and side effects. WebMCP-style APIs and annotations can expose those actions more safely than visual scraping alone, but the ecosystem contains several related profiles. A useful check should identify the detected profile, validate its quality, and avoid confusing browser/page WebMCP with backend MCP server discovery.

Normative Model

This version recognizes these profiles:

• W3C WebMCP runtime: document.modelContext.registerTool()
• MCP-B/polyfill compatibility: navigator.modelContext.registerTool()
• W3C declarative form tools: toolname, tooldescription, toolparamdescription, and toolautosubmit
• MCP-aware HTML annotations: data-mcp-tool, data-mcp-description, and hyphenated compatibility attributes
• static WebMCP JSON tools manifests at WebMCP-specific paths
• Web Machine Context & Procedure interaction graphs with version, entities, and actions

Tool identifier validation is profile-aware. W3C-compatible identifiers are accepted for W3C WebMCP. Snake case is preferred for MCP-compatible static and compatibility profiles, but W3C-valid non-snake-case names should warn rather than fail.

Applicability

The check applies when any of the following are found:

• rendered browser evidence for document.modelContext or navigator.modelContext
• static script evidence for registerTool, document.modelContext, or navigator.modelContext
• declarative attributes such as toolname or toolparamdescription
• compatibility attributes such as data-mcp-tool or tool-name
• inline <script type="application/webmcp+json">
• static WebMCP candidates at /.well-known/webmcp.json, /webmcp.json, or linked .wmcp sidecars

When none are found, the result is a warning because this suite treats WebMCP as an emerging recommendation for agent readiness.

Pass Criteria

A passing result requires at least one valid WebMCP profile and no security failures:

• a rendered runtime API exposes document.modelContext.registerTool() or recognized navigator.modelContext compatibility evidence
• or declarative forms have valid tool names, descriptions, labeled/named fields, and useful parameter descriptions
• or static WebMCP JSON matches a recognized tools[] or WMCP interaction-graph profile
• safe operability probing confirms callable runtime methods, readable tool metadata, complete declarative annotations, or fetchable static JSON
• tool metadata avoids prompt-injection-like text, secrets, private endpoints, and sensitive over-collection
• high-risk actions are not misrepresented as read-only

Warning Criteria

Warnings include:

• no WebMCP runtime API, declarative attributes, compatibility annotations, or static manifest is found
• WebMCP evidence is present only through static source strings or compatibility annotations
• declarative annotations are present but incomplete or low quality
• tool names are not in the expected casing for the detected profile
• tool descriptions are too short or do not explain when to use the tool
• input schemas or declarative fields are shallow but still parseable
• static manifests use generic JSON content types rather than WebMCP-specific media types
• safe operability probing is unavailable and the check must rely on static evidence

Failure Criteria

Failures include:

• a runtime model-context object is present but cannot list or register tools through the safe probe
• a static manifest is present but is malformed JSON or not a recognized WebMCP profile
• advertised tools are missing required names, descriptions, or input schema structure
• declarative tools are missing usable labels, names, action targets, or parameter descriptions
• tool metadata contains prompt-injection-like instructions, credential-looking content, private endpoints, or sensitive over-collection
• high-risk write, purchase, account, payment, deletion, or mutation actions are represented as safe read-only actions

Evidence Model

The result emits:

• detected profile names
• browser runtime evidence for document and navigator model-context APIs
• safe operability probe results, including callable method evidence, readable tool counts, and probe errors
• static runtime string evidence
• declarative attribute counts and issues
• data-mcp-tool and compatibility annotation counts
• static manifest paths tried, status codes, content types, selected profiles, tool counts, entity counts, and action counts
• tool metadata quality issues
• security and policy findings, including Permissions-Policy evidence

Evidence must not include full scripts, full manifest bodies, credentials, cookies, authorization headers, or tool return values.

Validation And Scoring Steps

1. runtime-api-detection - weight 0.16

Detect W3C document.modelContext and MCP-B/polyfill navigator.modelContext evidence.

1. operability-probe - weight 0.18

Confirm detected WebMCP surfaces are usable without invoking arbitrary tools.

1. declarative-form-tools - weight 0.15

Validate current declarative form attributes and semantic form coverage.

1. compatibility-annotations - weight 0.10

Record and validate data-mcp-tool and hyphenated compatibility attributes.

1. static-manifest-compatibility - weight 0.16

Validate WebMCP-specific static manifests and WMCP interaction graphs.

1. tool-metadata-quality - weight 0.13

Validate names, descriptions, schemas, side-effect clarity, and high-risk action hints.

1. security-and-policy - weight 0.12

Detect prompt-injection-like metadata, sensitive parameters, read-only mismatches, private endpoints, and policy blockers.

Standard Behavior

This check evaluates WebMCP surfaces from the supplied page-scan input and its own same-origin static manifest fetches. It does not consume output from MCP server-card, OpenAPI, OAuth, A2A, or API catalog checks.

It does not execute arbitrary WebMCP tools. Runtime evidence includes browser API detection and safe operability probes captured during page rendering, such as callable method presence and readable tool listings when the page exposes them.

Non-Standard And Real-World Behavior

navigator.modelContext is recognized as MCP-B/polyfill compatibility evidence. data-mcp-tool is recognized as MCP-aware HTML annotation compatibility evidence. Static /.well-known/webmcp.json, /webmcp.json, linked .wmcp, and application/webmcp+json documents are recognized as static compatibility profiles, not as replacements for the current W3C runtime API.

The check does not use /mcp.json for WebMCP. That path belongs to MCP server metadata compatibility.

Non-Goals And Limitations

• This check does not validate MCP server cards or backend MCP transports.
• This check does not execute arbitrary tools or verify business workflow success.
• This check does not prove browser-wide WebMCP support.
• Service-worker WebMCP discovery is only detected when observable through static metadata.
• Draft WebMCP semantics may change; future versions should capture those changes without mutating v1.0.0 behavior.

References

• webmachinelearning.github.io/webmcp
• github.com/webmachinelearning/webmcp
• github.com/webmachinelearning/webmcp/blob/main/declarative-api-explainer.md
• developer.chrome.com/blog/webmcp-epp
• mcp-b.ai/
• arxiv.org/abs/2508.09171
• github.com/webmachinelearning/webmcp/blob/main/docs/service-workers.md

webmcp v1.0.0 Changelog

• Combined WebMCP runtime, declarative, annotation, and static manifest validation into this check.
• Added W3C document.modelContext and MCP-B navigator.modelContext profile separation.
• Added static WebMCP JSON compatibility validation for tools[] manifests and WMCP interaction graphs.
• Removed /mcp.json from WebMCP manifest discovery.
• Added profile-aware tool-name validation and WebMCP security hygiene checks.
• Treat missing WebMCP evidence as a warning and add safe operability probing for callable runtime APIs, readable tool metadata, and valid static/declarative surfaces.