Add WebMCP interaction skill + SVO Zählerstandsmeldung domain skill#474
Open
VibeVik89 wants to merge 1 commit into
Open
Add WebMCP interaction skill + SVO Zählerstandsmeldung domain skill#474VibeVik89 wants to merge 1 commit into
VibeVik89 wants to merge 1 commit into
Conversation
interaction-skills/webmcp.md documents navigator.modelContext: how to detect WebMCP, list tools (inputSchema arrives as a JSON string), and the two non-obvious executeTool gotchas — first arg must be the RegisteredTool object (not the name), second arg must be a JSON string (not a JS object). Plus verify-via-DOM since handlers may not echo. domain-skills/svo/zaehlerstandsmeldung.md covers the report_meter_reading tool: required fields, the HT/NT-vs-single-rate conditional fields, the honeypot trap, and that it never submits (CAPTCHA stays a human action). Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_01EqyH3G9SuZmQXnotdt4bwi
✅ Skill review passedReviewed 2 file(s) — no findings. |
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
3 issues found across 2 files
Prompt for AI agents (unresolved issues)
Check if these issues are valid — if so, understand the root cause of each and fix them. If appropriate, use sub-agents to investigate and fix each issue separately.
<file name="interaction-skills/webmcp.md">
<violation number="1" location="interaction-skills/webmcp.md:78">
P2: Verification snippet may leak sensitive form data by logging values from nearly all input fields (including non-hidden secrets).</violation>
</file>
<file name="domain-skills/svo/zaehlerstandsmeldung.md">
<violation number="1" location="domain-skills/svo/zaehlerstandsmeldung.md:62">
P2: Syntax error: missing closing parenthesis for `print()` in the verify code example. The expression `print(js(r'''...''')` has an unclosed `print(` call.</violation>
<violation number="2" location="domain-skills/svo/zaehlerstandsmeldung.md:69">
P3: The note advises reading `inputSchema.required`, but per the companion skill (`interaction-skills/webmcp.md`) the `inputSchema` is **often a JSON-encoded string, not an object**. Accessing `.required` directly on a string returns `undefined`. The note should include a `JSON.parse()` step before reading `.required` so the guidance works in the common case.</violation>
</file>
Reply with feedback, questions, or to request a fix.
Fix all with cubic | Re-trigger cubic
| res = js(r'''(() => { | ||
| const out = []; | ||
| document.querySelectorAll('input,select,textarea').forEach(el => { | ||
| if (el.type === 'hidden') return; |
Contributor
There was a problem hiding this comment.
P2: Verification snippet may leak sensitive form data by logging values from nearly all input fields (including non-hidden secrets).
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At interaction-skills/webmcp.md, line 78:
<comment>Verification snippet may leak sensitive form data by logging values from nearly all input fields (including non-hidden secrets).</comment>
<file context>
@@ -0,0 +1,92 @@
+res = js(r'''(() => {
+ const out = [];
+ document.querySelectorAll('input,select,textarea').forEach(el => {
+ if (el.type === 'hidden') return;
+ out.push({name: el.name || el.id, value: (el.type==='checkbox'||el.type==='radio') ? el.checked : el.value});
+ });
</file context>
| out.push({name: el.name, value: (el.type==='checkbox'||el.type==='radio') ? el.checked : el.value}); | ||
| }); | ||
| return out; | ||
| })()''') |
Contributor
There was a problem hiding this comment.
P2: Syntax error: missing closing parenthesis for print() in the verify code example. The expression print(js(r'''...''') has an unclosed print( call.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At domain-skills/svo/zaehlerstandsmeldung.md, line 62:
<comment>Syntax error: missing closing parenthesis for `print()` in the verify code example. The expression `print(js(r'''...''')` has an unclosed `print(` call.</comment>
<file context>
@@ -0,0 +1,69 @@
+ out.push({name: el.name, value: (el.type==='checkbox'||el.type==='radio') ? el.checked : el.value});
+ });
+ return out;
+})()''')
+```
+
</file context>
|
|
||
| - There's a `honeypot` text input — leave it empty (spam trap; filling it likely flags the submission). | ||
| - The page has a fixed notification banner overlaying the lower viewport; `scrollIntoView`/`window.scrollTo` to bring form fields above it before screenshotting. | ||
| - Conversational use: read the tool's `inputSchema.required` first, then ask the user for the tariff type + the matching reading(s) before calling. |
Contributor
There was a problem hiding this comment.
P3: The note advises reading inputSchema.required, but per the companion skill (interaction-skills/webmcp.md) the inputSchema is often a JSON-encoded string, not an object. Accessing .required directly on a string returns undefined. The note should include a JSON.parse() step before reading .required so the guidance works in the common case.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At domain-skills/svo/zaehlerstandsmeldung.md, line 69:
<comment>The note advises reading `inputSchema.required`, but per the companion skill (`interaction-skills/webmcp.md`) the `inputSchema` is **often a JSON-encoded string, not an object**. Accessing `.required` directly on a string returns `undefined`. The note should include a `JSON.parse()` step before reading `.required` so the guidance works in the common case.</comment>
<file context>
@@ -0,0 +1,69 @@
+
+- There's a `honeypot` text input — leave it empty (spam trap; filling it likely flags the submission).
+- The page has a fixed notification banner overlaying the lower viewport; `scrollIntoView`/`window.scrollTo` to bring form fields above it before screenshotting.
+- Conversational use: read the tool's `inputSchema.required` first, then ask the user for the tariff type + the matching reading(s) before calling.
</file context>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What
Two new skills capturing field-tested learnings about WebMCP (
navigator.modelContext) — page-registered, agent-callable tools.interaction-skills/webmcp.md(generic)getTools,executeTool,registerTool,ontoolchange).inputSchemafrequently arrives as a JSON-encoded string, not an object.executeToolgotchas, verified against Chrome (June 2026):RegisteredToolobject fromgetTools(), not the tool name → elseTypeError: ... not of type 'RegisteredTool'.UnknownError: Failed to parse input arguments.domain-skills/svo/zaehlerstandsmeldung.md(site-specific)report_meter_readingtool: required fields, the HT/NT-vs-single-rate conditional fields, thehoneypottrap, and that it never submits (CAPTCHA stays a human action).Why
The
executeToolarg shape is undiscoverable from the API alone and cost several attempts to work out — the next agent on any WebMCP site shouldn't pay that tax again.🤖 Generated with Claude Code
https://claude.ai/code/session_01EqyH3G9SuZmQXnotdt4bwi
Summary by cubic
Adds a generic WebMCP interaction skill and a site-specific SVO meter-reading skill to use page-registered tools instead of the DOM, reducing errors and setup time.
interaction-skills/webmcp.md: Detectsnavigator.modelContext, lists tools (parsesinputSchemawhen it’s a JSON string), and detailsexecuteToolrequirements (pass theRegisteredToolobject and a JSON string). Recommends DOM-based verification.domain-skills/svo/zaehlerstandsmeldung.md: Documentsreport_meter_readinginputs, HT/NT vs single-rate rules, and thehoneypottrap. Notes that the tool fills fields but never submits (CAPTCHA remains manual).Written for commit 15f9fa6. Summary will update on new commits.