MCP Camoufox

102 tools. 64 can modify or destroy data without limits.

5 destructive tools with no built-in limits. Policy required.


64 can modify or destroy data
38 read-only
102 tools total

Community server · catalogue entry verified 12/06/2026


What MCP Camoufox exposes to your agents

Read (38) Write / Execute (59) Destructive / Financial (5)
Critical Risk

The most dangerous MCP Camoufox tools

64 of MCP Camoufox's 102 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control MCP Camoufox

PolicyLayer is an MCP gateway — it sits between your AI agents and MCP Camoufox, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cookie_delete": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "auth_capture": {
    "limits": [
      {
        "counter": "auth_capture_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "console_start": {
    "limits": [
      {
        "counter": "console_start_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register MCP Camoufox — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

All 102 MCP Camoufox tools

EXECUTE 47 tools

  batch_actions: Execute multiple actions in one call. Each action: {type, ref?, value?, text?, key?, url?}.
  browser_launch: Launch Camoufox stealth browser and navigate to URL. Browser persists between calls.
  evaluate: Execute JavaScript in page context.
  frame_evaluate: Execute JavaScript inside a specific frame/iframe.
  mouse_record: Start recording mouse positions (call mouse_replay later). Returns recorder handle.
  navigate: Navigate to a URL.
  navigate_and_snapshot: Navigate to URL then return snapshot — combined in one call.
  network_start: Start capturing network requests. With capture_bodies=true also records request/response
  session_warmup: Visit innocuous public sites (Google, Wikipedia) to build browsing history before targeting protected site. He
  tab_new: Open new tab.
  wait_and_snapshot: Wait for selector/text then return snapshot. Combines wait_for + browser_snapshot in one call.
  wait_for: Wait for element/text to appear or disappear.
  wait_for_any_of: Race multiple wait conditions — returns the first that matches, so the agent can branch immediately without se
  wait_for_navigation: Wait for page load to complete.
  wait_for_network_idle: Wait until network is idle for N ms (no in-flight requests). Better than fixed timeouts for SPAs.
  wait_for_response: Wait for a network response matching a URL pattern.
  wait_for_url: Wait for URL to match a pattern.
  back_and_snapshot: Navigate back + return snapshot.
  check: Check checkbox or radio button.
  reload_and_snapshot: Reload page + return snapshot.
  storage_state_load: Load cookies + localStorage from a JSON file (created by storage_state_save). Bypass CF/login if session is fr
  click: Click element by ref ID from browser_snapshot. Auto JS-fallback for overlays.
  click_and_snapshot: Click element by ref + wait + return snapshot. Perfect for buttons that trigger navigation/dialog.
  click_and_wait: Click element then wait for navigation or selector. Atomic — fewer roundtrips than separate click + wait_for.
  click_role: Click element by ARIA role and name.
  click_text: Click element by visible text.
  click_turnstile: Auto-find and click Cloudflare Turnstile checkbox. Port of mcp-stealth-chrome
  dialog_handle: Set handler for next alert/confirm/prompt.
  drag_and_drop: Drag from one element to another.
  go_back: Navigate back in history.
  go_forward: Navigate forward in history.
  hover: Hover over element by ref ID.
  humanize_click: Click element with humanized mouse approach (3-step Bezier-like curve before click). Use for anti-bot pages.
  humanize_type: Type text with Gaussian-distributed delays between keystrokes (mean ~80ms, sigma ~30ms). Mimics human typing r
  inject_init_script: Inject a script that runs before every page load.
  login_classic: Composite login for classic email→password forms (Google, Microsoft, generic SSO).
  mouse_click_xy: Click at exact x,y coordinates. steps>0 adds interpolated pre-movement (human-like).
  mouse_drift: Random mouse movements over a duration — builds up mouse history before action (CF/DataDome behavior analysis)
  mouse_move: Move mouse to x,y. steps>0 interpolates path (human-like).
  mouse_replay: Replay last recorded mouse path with original timing.
  press_key: Press key or combo (Enter, Escape, Control+a, etc.).
  reload: Reload the current page.
  scroll: Scroll the page.
  select_option: Select option from <select> dropdown.
  set_viewport_size: Set viewport width and height.
  tab_select: Switch to a tab by index, or by url_contains (first tab whose URL contains the substring).
  type_text: Type text char by char via keyboard.
READ 38 tools

  console_start: Start capturing console messages from all tabs.
  accessibility_snapshot: Get accessibility tree snapshot — compact view of page structure for LLM understanding.
  browser_snapshot: Get visible interactive elements with ref IDs. Use refs with click/fill. Always call after navigation.
  console_get: Get captured console messages.
  cookie_list: List cookies.
  describe_page: Compact LLM-friendly page summary (title, heading, key buttons, forms). Cheaper than browser_snapshot for agen
  detect_anti_bot: Heuristic detection of anti-bot vendor on current page (Cloudflare, DataDome, Akamai, PerimeterX, Imperva).
  detect_content_pattern: Auto-detect repeated content patterns (cards, listings, rows) and suggest CSS selectors. Run this BEFORE extra
  extract_structured: Extract structured data from repeated elements (cards, rows, listings). Auto-deduplicates, filters empty items
  extract_table: Extract data from an HTML table as JSON array.
  find_by_label: Find input element by its label text (<label>). Returns ref.
  find_by_placeholder: Find input by placeholder text. Returns ref.
  find_by_text: Find element by visible text — returns ref ID or null. Skip browser_snapshot if you know exact text.
  get_attribute: Get a specific attribute value from an element.
  get_html: Get HTML content from page or element.
  get_links: Get all links on the page with URL and text.
  get_page_errors: Get JavaScript errors from the page.
  get_text: Get visible text from page or element.
  get_url: Get current URL and title.
  get_viewport_size: Get current viewport dimensions.
  inspect_element: Get detailed info about an element (tag, attributes, bounding box, styles).
  list_frames: List all frames/iframes in the page.
  localstorage_get: Get all localStorage data or a specific key.
  network_get: List captured network requests (newest first-capped). Each row shows an id usable with network_get_detail.
  network_get_detail: Full request + response detail (headers and text body) for one captured request.
  query_selector_all: Query elements by CSS selector, return text/attributes of all matches.
  screenshot: Take a screenshot of the current page.
  server_status: Health check — verify server, browser status, active tabs.
  sessionstorage_get: Get all sessionStorage data or a specific key.
  tab_list: List all open tabs.
  assert_element_visible: Assert element exists and is visible. Returns success/fail (no throw).
  assert_text_present: Assert text is present anywhere on page (case-sensitive substring).
  assert_url_matches: Assert current URL matches pattern (substring or regex).
  cookie_export: Export all cookies as JSON string. Use with cookie_import to transfer session.
  cookie_export_file: Export all cookies to a JSON file (Playwright format).
  export_har: Export network traffic as HAR file.
  page_stats: Page statistics: element count, size, load metrics. Use to decide extraction strategy.
  scrape_page: Smart page scraper — auto-detect and extract main content, links, metadata. Strips nav/footer noise.


Questions about MCP Camoufox

Can an AI agent delete data through the MCP Camoufox MCP server?

Yes. The MCP Camoufox server exposes 5 destructive tools including cookie_delete, localstorage_clear, reset_profile. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through MCP Camoufox?

The MCP Camoufox server has 12 write tools including auth_capture, cookie_import, cookie_import_file. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach MCP Camoufox.

How many tools does the MCP Camoufox MCP server expose?

102 tools across 4 categories: Destructive, Execute, Read, Write. 38 are read-only. 64 can modify, create, or delete data.

How do I enforce a policy on MCP Camoufox?

Register the MCP Camoufox MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every MCP Camoufox tool call.

Deterministic rules across all 102 MCP Camoufox tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.


102 MCP Camoufox tools catalogued and risk-classified — across an index of 43,000+ MCP servers.
