// SCAN REPORT

JS Reverse Strong MCP

85 tools. 35 can modify or destroy data without limits.

2 destructive tools with no built-in limits. Policy required.

Last updated:

35 can modify or destroy data
50 read-only
85 tools total

Community server · catalogue entry verified 11/06/2026

How to control JS Reverse Strong MCP ↓

TOOL MAP

What JS Reverse Strong MCP exposes to your agents

Read (50) Write / Execute (33) Destructive / Financial (2)

Running more than one server? Check your whole stack →

MOST DANGEROUS TOOLS
Critical Risk

The most dangerous JS Reverse Strong MCP tools

Destructive · High delete_session_state The tool irreversibly removes session data stored in memory. Destructive · Medium remove_hook Removing a hook is an irreversible action in the current runtime session; once removed, the hook's captured state and interception are lost. Execute · High evaluate_on_callframe This tool executes arbitrary JavaScript expressions within a debugger context. Execute · High inject_preload_script The tool allows injection and execution of custom code in a privileged position (preload phase) within a browser environment.

35 of JS Reverse Strong MCP's 85 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

POLICY

How to control JS Reverse Strong MCP

PolicyLayer is an MCP gateway — it sits between your AI agents and JS Reverse Strong MCP, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "delete_session_state": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "remove_breakpoint": {
    "limits": [
      {
        "counter": "remove_breakpoint_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "decompile_wasm_module": {
    "limits": [
      {
        "counter": "decompile_wasm_module_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register JS Reverse Strong MCP — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON JS REVERSE STRONG →

Free to start. No card required.

FULL CATALOGUE

All 85 JS Reverse Strong MCP tools

DESTRUCTIVE 2 tools
Destructive delete_session_state Delete one in-memory session snapshot by sessionId. Destructive remove_hook Remove a hook by id.
EXECUTE 27 tools
Execute evaluate_on_callframe Evaluates a JavaScript expression in the context of a specific call frame while paused. This allows you to ins Execute inject_preload_script Register a JavaScript snippet that will run on future document loads before page scripts execute. Use this for Execute navigate_page Navigates the currently selected page to a URL, or performs back/forward/reload navigation. Waits for DOMConte Execute new_page Creates a new page and navigates to the specified URL. Waits for DOMContentLoaded event (not full page load). Execute stop_monitor Stops an event monitor. Execute wait_for_element Wait for selector to appear. Execute analyze_target One-shot reverse workflow: collect code, run security/crypto analysis, optional deobfuscation, and hook timeli Execute break_on_xhr Sets a breakpoint that triggers when an XHR/Fetch request URL contains the specified string. Execute evaluate_script Evaluate a JavaScript function inside the currently selected page. Returns the response as JSON so returned va Execute hook_function RECOMMENDED for reverse engineering: Hooks a JavaScript function to log its calls, arguments, and return value Execute inject_hook Inject an existing hook into the current page. Execute inject_stealth Inject anti-detection stealth scripts to current page. Execute pause Pauses JavaScript execution at the current point. Use this to interrupt running code. Execute step_into Steps into the next function call. Use this to enter and debug function bodies. Execute step_out Steps out of the current function, continuing until the function returns. Use this to quickly exit a function. Execute step_over Steps over to the next statement, treating function calls as a single step. Use this to move through code with Execute trace_function Traces calls to a function by its name in the source code. Works for ANY function including module-internal fu Execute unhook_function Removes a previously installed function hook. Execute click_element Click an element by selector. Execute create_hook RECOMMENDED: Create hook script for function/fetch/xhr/property/cookie/websocket/eval/timer. Hooks run without Execute restore_session_state Restore a previously saved session snapshot to current page. Execute resume Resumes JavaScript execution after being paused at a breakpoint. Execution continues until the next breakpoint Execute select_frame Selects a frame (by index from list_frames) as the execution context for evaluate_script, hook_function, inspe Execute select_page Select a page as a context for future tool calls. Execute set_breakpoint Sets a breakpoint in a JavaScript file at the specified line. The breakpoint will trigger when the code execut Execute set_breakpoint_on_text Sets a breakpoint on specific code (function name, statement, etc.) by searching for it and automatically dete Execute type_text Type text into an input element.
WRITE 6 tools
Write remove_breakpoint Removes a breakpoint by its ID. Use list_breakpoints to see active breakpoints. Write remove_xhr_breakpoint Removes an XHR/Fetch breakpoint. Write load_session_state Load a session snapshot from JSON string or file into memory. Write record_reverse_evidence Append structured reverse-engineering evidence to a task artifact log. Write export_rebuild_bundle Export a local Node rebuild bundle from observed reverse-engineering evidence. Write set_user_agent Set custom user-agent for active page.
READ 50 tools
Read decompile_wasm_module Disassemble a Wasm module to WAT using wabt/wasm2wat and summarize function-level behavior. Read risk_panel Build a combined risk score from analyzer, crypto detector and hook signals. Read summarize_wasm_boundary Build candidate JS -> memory bridge -> Wasm export -> sink chains for a captured Wasm module. Read analyze_wasm_module Analyze one Wasm module by session module ID, base64 payload, or artifact path. Read analyze_wasm_signature_diff Compare captured JS-Wasm boundary chains to highlight which query/body/header inputs vary like signature mater Read analyze_websocket_messages Analyzes WebSocket messages and groups them by pattern/fingerprint. Essential for understanding binary/protobu Read check_browser_health Check browser connectivity and active page readiness before running reverse workflows. Read collect_code Collect JavaScript code from a page with smart modes (summary/priority/incremental/full). Read collect_wasm Collect Wasm modules from network responses and runtime instantiation hooks. Read collection_diff Compare previous and current collected file summaries. Read deobfuscate_code AI-assisted JavaScript deobfuscation. Read detect_crypto Detect cryptographic algorithms/libraries from JavaScript source. Read diff_env_requirements Compare local runtime failures with observed browser capabilities and suggest the next environment patches. Read dump_session_state Export a saved session snapshot as JSON, optionally writing to a file. Read find_clickable_elements Find clickable buttons/links, optionally filtered by text. Read find_in_script Finds a string in a specific script and returns its exact line/column position with surrounding context. Ideal Read get_console_message Gets a console message by its ID. You can get all messages by calling ${listConsoleMessages.name}. Read get_dom_structure Get DOM tree structure for current page. Read get_hook_data Get captured data for one hook or all hooks. Supports raw view and summary view for noise reduction. Read get_network_request Gets a network request by an optional reqid, if omitted returns the currently selected request in the DevTools Read get_paused_info Gets information about the current paused state including call stack, current location, and scope variables. U Read get_performance_metrics Get page performance metrics from Performance API. Read get_request_initiator Gets the JavaScript call stack that initiated a network request. This helps trace which code triggered an API Read get_script_source Gets the source code of a JavaScript script by its script ID. Supports line range (for normal files) or charac Read get_storage Gets browser storage data including cookies, localStorage, and sessionStorage. Read get_websocket_message Gets a single WebSocket message by its frame index. Use get_websocket_messages or analyze_websocket_messages f Read get_websocket_messages Gets messages for a WebSocket connection. IMPORTANT: For binary/protobuf messages (like live streaming), use a Read inspect_object Deeply inspects a JavaScript object, showing its properties, prototype chain, and methods. Useful for understa Read inspect_wasm_exports Summarize Wasm export usage and likely high-value entry points. Read list_breakpoints Lists all active breakpoints in the current debugging session. Read list_console_messages List all console messages for the currently selected page since the last navigation. Read list_frames Lists all frames (including iframes) in the current page as a tree. Shows frame index, name, and URL. Use sele Read list_hooks Lists all active function hooks. Read list_network_requests List all requests for the currently selected page since the last navigation. Read list_pages Get a list of pages open in the browser. Read list_scripts Lists all JavaScript scripts loaded in the current page. Returns script ID, URL, and source map information. U Read list_session_states List all saved session snapshots in memory. Read list_stealth_features List available stealth feature toggles. Read list_stealth_presets List available stealth presets. Read list_wasm_modules List Wasm modules captured in the current session. Read list_websocket_connections List all WebSocket connections. After getting wsid, use analyze_websocket_messages(wsid) FIRST to understand m Read monitor_events Monitors DOM events on a specified element or window. Events will be logged to console. Read query_dom Query one or multiple elements by CSS selector. Read search_in_scripts Search in collected script cache with regex pattern. Read search_in_sources Searches for a string or regex pattern in all loaded JavaScript sources. Returns matching lines with script ID Read summarize_code Summarize one code file, multiple files, or project-level context. Read take_screenshot Take a screenshot of the page or element. Read understand_code Analyze code structure/business/security with AI + static analysis. Read export_session_report Export current reverse-engineering session as JSON or Markdown. Read save_session_state Save current page session state (cookies/localStorage/sessionStorage) into in-memory snapshot.
EXPLORE

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Sperax Ecosystem Crypto & DeFI MCP Server 1318 tools
adminautomation
Mcp Afip 1300 tools
adminautomation
Mcp Ap2 1300 tools
adminautomation
BNB Chain MCP 1240 tools
adminautomation
Nodebench 824 tools
adminautomation
Amazon Bedrock Knowledge Base Retrieval MCP Server 805 tools
adminautomation
Amazon Data Processing MCP Server 805 tools
adminautomation
Amazon ECS MCP Server 805 tools
adminautomation
FAQ

Questions about JS Reverse Strong MCP

Can an AI agent delete data through the JS Reverse Strong MCP server? +

Yes. The JS Reverse Strong MCP server exposes 2 destructive tools including delete_session_state, remove_hook. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through JS Reverse Strong MCP? +

The JS Reverse Strong MCP server has 6 write tools including remove_breakpoint, remove_xhr_breakpoint, load_session_state. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach JS Reverse Strong MCP.

How many tools does the JS Reverse Strong MCP server expose? +

85 tools across 4 categories: Destructive, Execute, Read, Write. 50 are read-only. 35 can modify, create, or delete data.

How do I enforce a policy on JS Reverse Strong MCP? +

Register the JS Reverse Strong MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every JS Reverse Strong MCP tool call.

Deterministic rules across all 85 JS Reverse Strong MCP tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

ENFORCE POLICY ON JS REVERSE STRONG →

Free to start. No card required.

85 JS Reverse Strong MCP tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.