Comment by nsonha
5 months ago
it seems like a cleaner approach to declare a handful of tools that users can approve/ask for granularily, than just say "my website can run any wacky script, here is some bookmarklet, nerds" or the very generic permission model of browser extensions
Couldn't that be solved with a simple bookmarklet permission model? The script would request the same pop-up features as a website?
It's more providing permission granularity on the action level rather than the sandbox level. Your script might not be able to make external api calls, but there is no way to gate the ability to take destructive action within the webpage.
With something like WebMCP you get elicitation and the ability to disable tools from the client.
What kind of destructive action do you mean that is so critical?
2 replies →