OpenChrome

106 tools. 59 can modify or destroy data without limits.

4 destructive tools with no built-in limits. Policy required.

59 can modify or destroy data
47 read-only
106 tools total

Community server · catalogue entry verified 11/06/2026

Read (47) · Write / Execute (55) · Destructive / Financial (4)
Critical Risk

59 of OpenChrome's 106 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

PolicyLayer is an MCP gateway — it sits between your AI agents and OpenChrome, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "cookies": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "http_auth": {
    "limits": [
      {
        "counter": "http_auth_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "console_capture": {
    "limits": [
      {
        "counter": "console_capture_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register OpenChrome — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.

Free to start. No card required.

EXECUTE 40 tools
geolocation: Set or clear geolocation override.
oc_task_cancel: Request cancellation of a background task. Best-effort: the runner
act: Execute multi-step browser actions from a natural language instruction. Parses and runs click, type, select, s
batch_execute: Execute JS across multiple tabs in parallel.
emulate_device: Emulate device viewport and UA via preset or custom.
execute_plan: Execute a cached plan by ID, bypassing per-step LLM calls. Falls back gracefully on failure for manual retry.
javascript_tool: Execute JavaScript code in the context of the current page. The code runs in the page
navigate: Navigate to a URL, or go forward/back in browser history. Use
oc_performance_insights: Capture a CDP performance trace and return named insights
oc_pilot_run_with_recovery: Pilot-only bounded deterministic recovery wrapper for one tool call under declared safe recipes. Requires --pi
oc_run_start: Start an opt-in OpenChrome run ledger. Returns {run_id,status,pathless metadata}.
oc_stop: Shut down OpenChrome and close Chrome. Auto-relaunched on next tool call.
oc_task_run_complete: Enter a terminal TaskRun state (COMPLETED, FAILED, or CANCELLED). Terminal TaskRuns are immutable.
oc_task_run_start: Start an opt-in goal-level TaskRun. Tracks user goal, success criteria, progress summary, item progress, and e
oc_task_start: Create a task-level browser harness envelope, or launch a long-running tool as a background task. Returns a ta
oc_task_wait: Block until the task reaches a terminal state (COMPLETED / FAILED /
wait_for: Wait for a condition. Strongly prefer
computer: Use a mouse and keyboard to interact with a web browser, and take screenshots.
crawl: Recursively crawl a website via BFS. Opens pages in new tabs, extracts text and links, follows them up to max_
interact: Find element by natural language; click/hover/double_click it; wait for DOM settle; return state. When to u
network: Simulate network conditions.
oc_pilot_handoff_redeem: Pilot-tier: redeem a single-use handoff token previously minted by
oc_proxy_hook: Pilot-tier (--pilot + OPENCHROME_PROXY_HOOK=1): bind host-supplied
oc_skill_replay: Pilot-tier. Replay a recorded skill (steps + optional contract)
oc_task_finish: Finish a host-driven task envelope as completed, failed, or cancelled.
page_pdf: Generate PDF from page. Saves to path or returns base64.
page_reload: Reload the current page.
workflow_init: Initialize a workflow with multiple isolated workers for parallel browser ops.
drag_drop: Drag and drop by selector or coordinates. Pass intent=
file_upload: Upload files to a file input element on the page. Pass intent=
fill_form: Fill form fields and optionally submit. Pass intent=
form_input: Set values in form elements using element reference ID from the read_page tool.
lightweight_scroll: Scroll page via JS. Returns new scroll position.
oc_copy_to_clipboard: Copy text to the system clipboard. Useful for copying MCP server URLs or config snippets.
oc_open_host_settings: Open the MCP connector settings page for a web AI host in the default browser.
oc_pilot_handoff_create: Pilot-tier: mint a single-use handoff token that lets another agent
oc_session_resume: Restore working context after context compaction.
oc_totp_generate: Generate a current TOTP 2FA code for a domain. Requires TOTP secret to be configured.
tabs_create: Creates a new empty tab in the MCP session
worker: Manage workers. Actions:

READ 47 tools
console_capture: Capture browser console output (start, stop, get, clear).
network_capture_full: Capture network requests with response bodies (capped). Actions: start, stop, getLogs, clear. Bodies over maxB
network_capture_lite: Capture network request metadata + headers (no bodies). Cheap passive recorder. Actions: start, stop, getLogs,
oc_run_events: Return recent events for an opt-in OpenChrome run ledger.
oc_run_status: Return the current status and summary for an opt-in OpenChrome run ledger.
oc_task_run_get: Read a TaskRun meta record and optionally its event log.
oc_task_run_list: List recent TaskRuns sorted by created_at descending. Read-only.
performance_metrics: Get page performance metrics.
batch_paginate: Extract content from paginated viewers in one call.
crawl_sitemap: Crawl a website using its sitemap.xml. Auto-discovers sitemaps from robots.txt or /sitemap.xml. Supports sitem
expand_tools: Show ${hiddenCount} additional specialist tools (network, emulation, PDF, orchestration, etc). Call with tier=
extract_data: Extract JSON-schema data from JSON-LD, Microdata, OpenGraph, or CSS. Use multiple:true for listings, mode=
find: Find elements on the page using natural language. Can search for elements by their purpose (e.g.,
get_page_text: Extract raw text content from the page, prioritizing article content. Ideal for reading articles, blog posts,
inspect: Extract focused page state by query. Returns headings, form fields, errors, tabs, and interactive counts scope
list_profiles: List available Chrome profiles with names and directory IDs.
oc_assert: Evaluate a single Outcome Contract assertion against caller-supplied
oc_connection_health: Get CDP connection health metrics including heartbeat mode, reconnect count, ping latency, connection state, a
oc_credentials: Pilot credential vault. Stores values server-side and resolves vault://name references without echoing plainte
oc_devtools_url: Get the Chrome DevTools inspector URL for the current worker\
oc_doctor_report: Read the most recent openchrome doctor diagnostic report from cache. Returns the DoctorReport written by the l
oc_gate_inspect: Detect whether the current tab is gated (CAPTCHA, SSO redirect,
oc_journal: Query the tool call journal. Actions:
oc_lane_get: Fetch one task-scoped browser lane including live target ids and counters.
oc_lane_list: List task-scoped browser lanes for a task.
oc_observe: Deterministic, numbered list of actionable elements on the page.
oc_output_fetch: Redeem an output handle returned by a large-output tool (read_page, crawl,
oc_policy: Inspect deterministic OpenChrome safety policy. Use action=
oc_profile_status: Check browser profile type and capabilities.
oc_query: Resolve a semantic element query into stable refs for interaction workflows.
oc_react: Pilot read-only React fiber inspection via an opt-in DevTools hook preload. Subcommands: tree, inspect, render
oc_reap_orphans: Manually sweep and terminate orphaned OpenChrome-managed Chrome processes. Never touches attach-mode or unmark
oc_task_get: Fetch a single task by task_id. By default returns meta only; pass
oc_task_list: List background tasks in the ledger. Default limit=50, sorted by
page_content: Get HTML content from page or element.
page_screenshot: Save page screenshot to file or return as base64. Supports full-page capture, region clipping, and multiple im
query_dom: Query DOM elements via CSS selector or XPath. Returns tag, attributes, text, position. CSS results include a r
read_page: Get an accessibility tree representation of elements on the page. By default returns all elements. Output is l
tabs_context: Get context information about the current MCP session
validate_page: Composite health check: navigate, wait, capture console errors, return structured summary (title, errors, inte
vision_find: Find elements using vision-based screenshot analysis. Returns annotated screenshot with numbered elements.
workflow_cleanup: Clean up workflow resources (workers, tabs, scratchpads).
workflow_collect: Collect and aggregate results from all workers after completion.
workflow_collect_partial: Collect results from completed workers without waiting for all to finish.
workflow_status: Get current workflow status and worker states.
oc_context_export: Export the active tab\
oc_skill_export: Export an opt-in codegen replay artifact written by --codegen. Returns the path and byte count for puppeteer,

Can an AI agent delete data through the OpenChrome MCP server?

Yes. The OpenChrome server exposes 4 destructive tools, including cookies, crawl_cancel, and element_pick. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through OpenChrome?

The OpenChrome server has 15 write tools, including http_auth, user_agent, and oc_run_finish. Set a rate limit in your policy: for example, a limit of 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach OpenChrome.

How many tools does the OpenChrome MCP server expose?

106 tools across 4 categories: Destructive, Execute, Read, Write. 47 are read-only. 59 can modify, create, or delete data.

How do I enforce a policy on OpenChrome?

Register the OpenChrome MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every OpenChrome tool call.

Deterministic rules across all 106 OpenChrome tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

106 OpenChrome tools catalogued and risk-classified — across an index of 42,500+ MCP servers.
