Chrome Devtools

47 tools. 30 can modify or destroy data without limits.

1 destructive tool with no built-in limits. Policy required.

Last updated:

30 can modify or destroy data
17 read-only
47 tools total

Community server · catalogue entry verified 02/07/2026

How to control Chrome Devtools ↓

What Chrome Devtools exposes to your agents

Read (17) Write / Execute (29) Destructive / Financial (1)
Critical Risk

The most dangerous Chrome Devtools tools

30 of Chrome Devtools's 47 tools can modify, destroy, or commit something on every call — and an agent calls them with no built-in limits.

How to control Chrome Devtools

PolicyLayer is an MCP gateway — it sits between your AI agents and Chrome Devtools, and nothing reaches the server without passing your rules. These are the rules we recommend:

Deny destructive operations
{
  "uninstall_extension": {
    "deny_if": [
      {
        "conditions": [],
        "on_deny": "Blocked by default. Requires approval."
      }
    ]
  }
}

Destructive tools should never be available to autonomous agents without human approval.

Rate limit write operations
{
  "close_page": {
    "limits": [
      {
        "counter": "close_page_per_hour",
        "window": "hour",
        "max": 30,
        "scope": "grant"
      }
    ]
  }
}

Prevents bulk unintended modifications from agents caught in loops.

Cap read operations
{
  "get_console_message": {
    "limits": [
      {
        "counter": "get_console_message_per_minute",
        "window": "minute",
        "max": 60,
        "scope": "grant"
      }
    ]
  }
}

Controls API costs and prevents retry loops from exhausting upstream rate limits.

  1. Create a free account and register Chrome Devtools — nothing to install.
  2. Add these rules — paste them, or build them visually. Tune the limits to your setup.
  3. Point your MCP client (Claude, Cursor, anything) at your gateway URL.
ENFORCE POLICY ON CHROME DEVTOOLS →

Instant setup, no code required.

All 47 Chrome Devtools tools

EXECUTE 27 tools
Execute click Clicks on the provided element Execute click_at Clicks at the provided coordinates Execute drag Drag an element onto another element Execute emulate Emulates various features on the selected page. Execute evaluate Evaluates a JavaScript script Execute evaluate_script Evaluate a JavaScript function inside the currently selected page${cliArgs?.categoryExtensions ? Execute execute_3p_developer_tool Executes a tool exposed by the page. Execute execute_webmcp_tool Executes a WebMCP tool exposed by the page. Execute fill Type text into an input, text area or select an option from a <select> element. Execute fill_form Fill out multiple form elements (inputs, selects, checkboxes, radios) at once. ALWAYS prefer this tool over mu Execute handle_dialog If a browser dialog was opened, use this command to handle it Execute hover Hover over the provided element Execute install_extension Installs a Chrome extension from the given path. Execute lighthouse_audit Get Lighthouse score and reports for accessibility, SEO, best practices, and agentic browsing. This excludes p Execute navigate Loads a URL Execute navigate_page Go to a URL, or back, forward, or reload. Use project URL if not specified otherwise. Execute new_page Open a new tab and load a URL. Use project URL if not specified otherwise. Execute performance_start_trace Start a performance trace on the selected webpage. Use to find frontend performance issues, Core Web Vitals (L Execute performance_stop_trace Stop the active performance trace recording on the selected webpage. Execute press_key Press a key or key combination. Use this when other input methods like fill() cannot be used (e.g., keyboard s Execute reload_extension Reloads an unpacked Chrome extension by its ID. Execute resize_page Resizes the selected page Execute screencast_stop Stops the active screencast recording on the selected page. Execute trigger_extension_action Triggers the default action of an extension by its ID. Execute type_text Type text using keyboard into a previously focused input Execute upload_file Upload a file through a provided element. Execute wait_for Wait for the specified text to appear on the selected page.
READ 17 tools
Read get_console_message Gets a console message by its ID. You can get all messages by calling ${LIST_CONSOLE_MESSAGES_TOOL_NAME}. Read get_heapsnapshot_class_nodes Loads a memory heapsnapshot and returns instances of a specific class with their IDs. Read get_heapsnapshot_details Loads a memory heapsnapshot and returns all available information including statistics, static data, and aggre Read get_heapsnapshot_retainers Loads a memory heapsnapshot and returns retainers for a specific node ID. Read get_heapsnapshot_summary Loads a memory heapsnapshot and returns snapshot summary stats. Read get_network_request Gets a network request by an optional reqid, if omitted returns the currently selected request in the DevTools Read get_tab_id Get the tab ID of the page Read list_3p_developer_tools Lists all third-party developer tools the page exposes for providing runtime information. Third-party develo Read list_extensions Lists all the Chrome extensions installed in the browser. This includes their name, ID, version, and enabled s Read list_network_requests List all requests for the currently selected page since the last navigation. Read list_pages Get a list of pages${args?.categoryExtensions ? Read list_webmcp_tools Lists all WebMCP tools the page exposes. Read performance_analyze_insight Provides more detailed information on a specific Performance Insight of an insight set that was highlighted in Read screenshot Takes a screenshot Read take_heapsnapshot Capture a heap snapshot of the currently selected page. Use to analyze the memory distribution of JavaScript o Read take_screenshot Take a screenshot of the page or element. Read take_snapshot Take a text snapshot of the currently selected page based on the a11y tree. The snapshot lists page elements a

Related servers

Other MCP servers with similar tools — same risk classification, starter policies for each.

Questions about Chrome Devtools

Can an AI agent delete data through the Chrome Devtools MCP server? +

Yes. The Chrome Devtools server exposes 1 destructive tools including uninstall_extension. These permanently remove resources with no undo. PolicyLayer blocks destructive tools by default so they never reach the upstream server.

How do I prevent bulk modifications through Chrome Devtools? +

The Chrome Devtools server has 2 write tools including close_page, select_page. Set a rate limit in your policy -- for example, 10 calls per hour prevents an agent from making more than 10 modifications per hour. PolicyLayer enforces this at the gateway, before calls reach Chrome Devtools.

How many tools does the Chrome Devtools MCP server expose? +

47 tools across 4 categories: Destructive, Execute, Read, Write. 17 are read-only. 30 can modify, create, or delete data.

How do I enforce a policy on Chrome Devtools? +

Register the Chrome Devtools MCP server in PolicyLayer, apply the suggested rules above (adjust the limits to your use case), and point your AI client at the PolicyLayer proxy URL instead of the server directly. Your agents keep the same tools; PolicyLayer evaluates every call against policy before it executes. Nothing to install, live in minutes.

Enforce policy on every Chrome Devtools tool call.

Deterministic rules across all 47 Chrome Devtools tools. Per-identity grants. Full audit log. Live in minutes. Nothing to install.

Instant setup, no code required.

47 Chrome Devtools tools catalogued and risk-classified — across an index of 43,000+ MCP servers.

// GET IN TOUCH

Have a question or want to learn more? Send us a message.

Message sent.

We'll get back to you soon.