navigator.modelContext

WebMCP // CLASSIFIED

Your browser is now a server. What did it just expose?

CLEARANCE: DENIED

webmcp-interrogator

$probe navigator.modelContext

>API NOT FOUND — modelContext is undefined

$enumerate capabilities

$check secure context

>INSECURE — WebMCP requires secure context

$query tool enumeration API

>░░░░░░░░ DENIED ░░░░░░░░

$check local registry

>░░░░░░░░ DENIED ░░░░░░░░

$exit — clearance level: DENIED

DETECTION SIGNALS

TOOL REGISTRY

Locally tracked tools registered by this page. The spec has no enumeration API — there is no getTools(), no DevTools panel, no way to query what's registered. Pages register tools into a black box; only the browser and agent can see them.

░░░ API not present — nothing to track ░░░

FINGERPRINT IMPLICATIONS

The mere presence of navigator.modelContext is a fingerprinting signal. It reveals the user has enabled experimental browser flags — narrowing the anonymity set to a tiny fraction of Chrome users. Combined with Chrome version detection, this creates a high-entropy identifier even before any tools are registered.

There is currently no DevTools panel for WebMCP tools. No .well-known/webmcp manifest exists either. An agent must visit each page to discover tools — and any page can silently register tools on load without user interaction. The user only gets prompted when an agent tries to invoke a tool.