High-risk tools in Web Scraper

High severity Web Scraper MCP Server 22 of 62 tools

22 of the 62 tools in Web Scraper are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

cancel_job Execute

Cancel a running async job.
browser_evaluate Execute

Run a JavaScript expression on the current page and return the result.
browser_navigate Execute

Navigate the interactive browser to a URL.
browser_solve_challenge Execute

Explicitly trigger challenge detection and solving on the current page.
browser_wait_for Execute

Wait for selector state or a fixed delay on the active page.
new_session Execute

Start a fresh browser session, clearing all existing sessions.
run_bot_surface_diagnostic Execute

Run script-level bot surface diagnostics (scripts/bot_check.py).
run_browser_info_diagnostic_tool Execute

Collect browser fingerprint telemetry via scripts/get_browser_info.py.
run_challenge_diagnostic Execute

Run target-site diagnostics in either toolkit-native or matrix smoking-gun mode.
run_playbook Execute

Execute an Autonomous Crawl using a Playbook.
start_job Execute

Start a long-running job and return immediately with a `job_id`.
batch_scrape Execute

Scrape multiple URLs in parallel.
browser_hover Execute

Hover over an element by CSS selector.
deep_research Execute

Perform Deep Research (Search + Crawl + Report).
reload_runtime_config Execute

Reload runtime settings from config files.
browser_click Execute

Click an element on the current page by CSS selector.
browser_close Execute

Close the interactive browser session and free resources.
browser_press_key Execute

Press a keyboard key (Enter, Escape, Tab, ArrowDown, etc.).
browser_scroll Execute

Scroll page content or a specific scrollable element.
browser_type Execute

Type text into an input field on the current page.
click_element Execute

Navigate to URL and click an element (for JS triggers, expanding sections).
fill_form Execute

fill_form

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in Web Scraper

Tools at high risk

Attacks that target this class

More on Web Scraper

Enforce policy on every Web Scraper tool call.