High-risk tools in Camoufox
17 of the 42 tools in Camoufox are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
dismiss_popupsExecuteDismiss cookie consent popups and overlays
-
evaluate_isolatedExecuteExecute JavaScript in an ISOLATED context (sandboxed, separate from page scripts). USE THIS TOOL WHEN YOU NEED TO: - Make async operations (fetch, setTimeout, Promises) - Query...
-
evaluate_mainworldExecuteExecute JavaScript in the page
-
hoverExecuteHover over an element by its UID
-
init_user_configExecuteInitialize user config directory (~/.config/camoufox-mcp) with default settings
-
inject_contextExecuteInject browser context (cookies + localStorage) from a JSON file into a session or page\
-
navigate_pageExecuteNavigate to a URL or go back/forward/reload
-
new_pageExecuteCreate a new browser page/tab, optionally navigating to a URL. Specify sessionId to create in a specific session.
-
reload_settingsExecuteReload settings from config file
-
start_console_captureExecuteStart capturing browser console messages
-
start_network_captureExecuteStart capturing network requests
-
start_recordingExecuteStart recording user interactions (clicks, scrolls, inputs)
-
stop_console_captureExecuteStop capturing console messages
-
stop_network_captureExecuteStop capturing network requests
-
stop_recordingExecuteStop recording and return captured actions
-
wait_forExecuteWait for text or selector to appear on the page
-
wait_for_navigationExecuteWait for page navigation to complete
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.