High-risk tools in Safari
13 of the 91 tools in Safari are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- safari_emulate (Execute): Emulate a mobile device by resizing window and setting user agent. Devices: iphone-14, iphone-14-pro-max, ipad, ipad-pro, pixel-7, galaxy-s24. Or use custom width/height.
- safari_evaluate (Execute): Execute JavaScript in the current page. Automatically falls back to AppleScript when CSP blocks execution (e.g. Google Search Console, LinkedIn). For reading data, prefer safari...
- safari_native_hover (Execute): OS-level mouse hover via macOS CGEvent — moves the real cursor to an element to trigger native :hover / mouseenter handlers. Use for obfuscated UIs where JS-dispatched mouseente...
- safari_navigate (Execute): Navigate to a URL in Safari. Waits for page to fully load.
- safari_navigate_and_read (Execute): Navigate to a URL and return the page content in one step — saves 1 full round-trip vs navigate+read_page. Use instead of safari_navigate + safari_read_page.
- safari_new_tab (Execute): Open a new tab, optionally with a URL
- safari_performance_metrics (Execute): Get detailed performance metrics: navigation timing, Web Vitals (FCP, LCP, CLS), resource breakdown, memory usage
- safari_run_script (Execute): Batch multiple Safari actions in ONE call. Steps: [{action, args}]. Actions match other safari_* tool names without prefix (e.g.
- safari_start_console (Execute): Start capturing console messages (log, warn, error, info). Call once per page.
- safari_start_network_capture (Execute): Start capturing detailed network requests (fetch + XHR) with headers, status, timing. Call once per page. Intercepts fetch/XHR — captures requests AFTER this call only. For quic...
- safari_wait (Execute): Wait for a fixed time in milliseconds. Use only when you need a brief pause between actions. PREFER safari_wait_for (waits for element/text to appear) — it
- safari_wait_for (Execute): Wait for an element or text to appear on the page
- safari_wait_for_new_tab (Execute): Wait for a new tab to appear (e.g. after OAuth login click opens popup). Automatically switches to the new tab.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.