Critical-risk tools in Termux Browser Pilot
18 of the 148 tools in Termux Browser Pilot are classified as critical risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at critical risk
-
browser_auth_deleteDestructiveDelete a saved auth session.
-
browser_console_clearDestructiveClear all captured console log messages.
-
browser_cookies_clearDestructiveClear all browser cookies.
-
browser_dialog_clearDestructiveClear all captured dialog messages.
-
browser_events_clearDestructiveClear all captured DOM events.
-
browser_headers_clearDestructiveClear all custom HTTP headers and remove fetch/XHR hooks.
-
browser_mock_clearDestructiveRemove response mock(s).
-
browser_mutations_clearDestructiveClear all captured DOM mutations.
-
browser_network_clearDestructiveClear all captured network requests.
-
browser_profile_deleteDestructiveDelete a saved browser profile.
-
browser_responses_clearDestructiveClear all captured response bodies.
-
browser_session_deleteDestructiveDelete a saved session.
-
browser_storage_clearDestructiveClear all items in localStorage or sessionStorage.
-
browser_storage_removeDestructiveRemove a key from localStorage or sessionStorage.
-
browser_unblockDestructiveRemove URL patterns from the blocklist.
-
browser_snapshot_deleteDestructiveDelete a named snapshot.
-
browser_tab_closeDestructiveClose the current browser tab.
-
browser_window_closeDestructiveClose the current browser window (popup).
Attacks that target this class
Critical-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.