High-risk tools in Leapfrog
5 of the 37 tools in Leapfrog are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- batch_actions (Execute): Execute multiple browser actions sequentially in a single MCP call. Eliminates round-trip overhead for humanization sequences (e.g. Bezier mouse paths, typed text with delays). ...
- execute (Execute): Run a Playwright script with access to { page, context }. One tool call replaces 5-20 sequential MCP round trips. Use for complex flows with conditional logic, loops, error hand...
- navigate (Execute): Navigate to a URL and return a compact accessibility snapshot with @eN refs. Refs like @e1, @e2 can be passed directly to the 'act' tool — no CSS selectors needed. Snapshots are...
- wait_for (Execute): Wait for a condition before proceeding. Supports: element visible, text appears, network idle, URL navigation, JS expression truthy. Returns a fresh snapshot after the wait comp...
- wait_for_human (Execute): Pause and request human intervention. Shows the @..@ overlay with your reason. Use when you encounter a CAPTCHA, login wall, or any situation requiring human action. The tool bl...
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.