High-risk tools in Chrome DevTools

High severity Chrome DevTools MCP Server 15 of 29 tools

15 of the 29 tools in Chrome DevTools are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

click Execute 4/5

Click on a page element
drag Execute 4/5

Drag an element on the page
emulate Execute 3/5

Simulate different devices and network conditions
evaluate_script Execute 5/5

Execute arbitrary JavaScript on the page
fill Execute 4/5

Input text into a form field
fill_form Execute 5/5

Complete an entire form with values
handle_dialog Execute 4/5

Accept or dismiss browser dialogs
hover Execute 3/5

Trigger hover state on an element
lighthouse_audit Execute 3/5

Run Lighthouse audit checks on the page
navigate_page Execute 5/5

Navigate to a URL in the browser
new_page Execute 4/5

Open a new browser page
performance_start_trace Execute 3/5

Start recording a performance trace
press_key Execute 4/5

Simulate keyboard input on the page
type_text Execute 4/5

Enter text character-by-character
upload_file Execute 5/5

Upload a file through a form input

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

Destructive Action Autonomy
Runaway Tool Loops
Prompt Injection via Tool Results

High-risk tools in Chrome DevTools

Tools at high risk

Attacks that target this class

More on Chrome DevTools

Enforce policy on Chrome DevTools