High-risk tools in DOMShell
6 of the 38 tools in DOMShell are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- domshell_each (Execute): Run a command across multiple open tabs. Iterates over all non-chrome tabs (optionally filtered by title/URL pattern), switches into each, runs the command, and collects results...
- domshell_execute (Execute): Run DOMShell commands to browse and read web pages — the primary DOMShell interface. DOMShell maps a page
- domshell_js (Execute): Execute arbitrary JavaScript in the current tab and return the result. Use this for complex DOM queries, CSS selector extraction, or any operation that would take multiple DOMSh...
- domshell_navigate (Execute): Navigate the current tab to a URL. Automatically rebuilds the accessibility tree after navigation completes. Requires a tab context (cd into a tab first). Use this to go to a sp...
- domshell_script (Execute): Save and run multi-command scripts. Scripts persist across service worker restarts. Subcommands: script list (List saved scripts), script save <name> cm...
- domshell_wait (Execute): Wait for an element to appear in the AX tree. Polls the tree every 500ms until the element is found or timeout is reached. Use after clicks or navigation that trigger async cont...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.