High-risk tools in Chrome Devtools

High severity Chrome Devtools MCP Server 8 of 29 tools

8 of the 29 tools in Chrome Devtools are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.

Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.

Tools at high risk

emulate Execute 3/5

Emulates various features on the selected page.
lighthouse_audit Execute 3/5

Get Lighthouse score and reports for accessibility, SEO and best practices. This excludes performance. For performance audits, run performance_start_trace
navigate_page Execute 3/5

Go to a URL, or back, forward, or reload. Use project URL if not specified otherwise.
new_page Execute 3/5

Open a new tab and load a URL. Use project URL if not specified otherwise.
performance_analyze_insight Execute 3/5

Provides more detailed information on a specific Performance Insight of an insight set that was highlighted in the results of a trace recording.
performance_start_trace Execute 4/5

Start a performance trace on the selected webpage. Use to find frontend performance issues, Core Web Vitals (LCP, INP, CLS), and improve page load speed.
performance_stop_trace Execute 4/5

Stop the active performance trace recording on the selected webpage.
wait_for Execute 3/5

Wait for the specified text to appear on the selected page.

Attacks that target this class

High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.

High-risk tools in Chrome Devtools

Tools at high risk

Attacks that target this class

More on Chrome Devtools

Enforce policy on Chrome Devtools