High-risk tools in Chrome Debugger MCP
9 of the 18 tools in Chrome Debugger MCP are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- evaluate (Execute, 3/5): [STEP 6b] Evaluate any JavaScript expression in the context of the currently paused call frame. Use this to inspect nested objects, call methods, compute derived values, or ve...
- launchChrome (Execute, 4/5): [STEP 1] Launch a dedicated Chrome instance with remote debugging enabled (default port 9222). Uses --user-data-dir=~/.chrome-debug-profile so your normal Chrome keeps running (...
- reloadPage (Execute, 3/5): [STEP 5a] Reload the connected page via Chrome DevTools Protocol. More reliable than manual browser refresh — maintains the CDP connection and ensures debugger; statements and...
- startDebuggingSession (Execute, 3/5): CALL THIS FIRST whenever browser-side debugging is needed — before any other tool. Auto-trigger when user mentions any of: debug, breakpoint, debugger, inspect, trace, step t...
- stepInto (Execute, 3/5): [STEP 7] BLOCKING: step into the next function call, then wait until the debugger pauses again. Follow with getScopeVariables() to observe inner-function state.
- stepOut (Execute, 3/5): [STEP 7] BLOCKING: step out of the current function and wait until the debugger pauses again in the caller. Use to observe the return value and the state of the calling context.
- stepOver (Execute, 3/5): [STEP 7] BLOCKING: step over the current statement without entering function calls, then wait until the debugger pauses again. Follow with getScopeVariables() to observe how loc...
- waitForPause (Execute, 3/5): [STEP 5b — FALLBACK] BLOCKING call — waits until ANY debugger pause occurs (breakpoint, debugger; statement, or exception). Before blocking, sends a notification to the user t...
- waitForSpecificPause (Execute, 3/5): [STEP 5b — PREFERRED] BLOCKING call — waits for the next debugger pause, then checks if it matches the target location. ⚠️ NO AUTO-RESUME: execution stays paused after this...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
Enforce policy on Chrome Debugger MCP
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init