High-risk tools in Browser
5 of the 29 tools in Browser are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- browser_execute_script (Execute, 4/5): Execute JavaScript code in the context of the current page. Returns the result.
- browser_hover (Execute, 3/5): Hover over an element to trigger tooltips, dropdown menus, or hover states. Supports CSS and text selectors.
- browser_navigate (Execute, 3/5): Navigate the active browser tab to a URL. Reuses the current tab by default (no tab spam). Pass new_tab=true only when you need to keep the current page open.
- browser_wait (Execute, 3/5): Wait for an element to appear on the page. Supports CSS and text-based selectors.
- browser_wait_for_network (Execute, 3/5): Wait for a network request to complete. Useful after clicking buttons that trigger API calls — ensures data is loaded before reading the page. Monitors real network traffic via ...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.
Enforce policy on Browser
One command generates a policy scaffold for every server in your MCP config.
npx -y @policylayer/intercept init