| ▲ | koolala a day ago | |||||||
What kind of destructive action do you mean that is so critical? | ||||||||
| ▲ | miguelspizza a day ago | parent [-] | |||||||
WebMCP essentially turns your website into an MCP server. Which means it is kind of like building a UI for the LLM that lives alongside the human UI. It's also a contract for how LLM's interact with a website, they can do no more than the tools allow them to do. When you are running javascript on the page, the entire website is an attack surface. Let's take gmail, for example. There is no way to protect your webpage from an agent running a script that sends an email by triggering the send email button. But with WebMCP, you can explicitly disable the "send_email" tool when the agent interacts with gmail. | ||||||||
| ||||||||