High-risk tools in Chrome DevTools

High severity Chrome DevTools MCP Server 27 of 50 tools

27 of the 50 tools in Chrome DevTools are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

emulate Execute

Emulates various features on the selected page.
execute_3p_developer_tool Execute

Executes a tool exposed by the page.
execute_webmcp_tool Execute

Executes a WebMCP tool exposed by the page.
lighthouse_audit Execute

Get Lighthouse score and reports for accessibility, SEO, best practices, and agentic browsing. This excludes performance. For performance audits, run ${startTrace.name}
navigate Execute

Loads a URL
navigate_page Execute

Go to a URL, or back, forward, or reload. Use project URL if not specified otherwise.
new_page Execute

Open a new tab and load a URL. Use project URL if not specified otherwise.
performance_start_trace Execute

Start a performance trace on the selected webpage. Use to find frontend performance issues, Core Web Vitals (LCP, INP, CLS), and improve page load speed.
performance_stop_trace Execute

Stop the active performance trace recording on the selected webpage.
screencast_stop Execute

Stops the active screencast recording on the selected page.
trigger_extension_action Execute

Triggers the default action of an extension by its ID.
wait_for Execute

Wait for the specified text to appear on the selected page.
evaluate Execute

Evaluates a JavaScript script
evaluate_script Execute

Evaluate a JavaScript function inside the currently selected page${cliArgs?.categoryExtensions ?
hover Execute

Hover over the provided element
reload_extension Execute

Reloads an unpacked Chrome extension by its ID.
click Execute

Clicks on the provided element
click_at Execute

Clicks at the provided coordinates
drag Execute

Drag an element onto another element
fill Execute

Type text into an input, text area or select an option from a <select> element.
fill_form Execute

Fill out multiple form elements (inputs, selects, checkboxes, radios) at once. ALWAYS prefer this tool over multiple individual
handle_dialog Execute

If a browser dialog was opened, use this command to handle it
install_extension Execute

Installs a Chrome extension from the given path.
press_key Execute

Press a key or key combination. Use this when other input methods like fill() cannot be used (e.g., keyboard shortcuts, navigation keys, or special key combinations).
resize_page Execute

Resizes the selected page
select_page Execute

Select a page as a context for future tool calls.
type_text Execute

Type text using keyboard into a previously focused input

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in Chrome DevTools

Tools at high risk

Attacks that target this class

More on Chrome DevTools

Enforce policy on every Chrome DevTools tool call.