High-risk tools in Charlotte
6 of the 43 tools in Charlotte are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- charlotte_dev_audit (Execute): Run accessibility and quality audits on the current page. Returns findings with severity levels and actionable recommendations.
- charlotte_dev_serve (Execute): Serve a local directory as a static website and optionally watch for file changes. Navigates to the served URL and returns the page representation. File changes trigger automati...
- charlotte_evaluate (Execute): Execute JavaScript in page context. Supports single expressions and multi-statement code. Returns the completion value of the last expression-statement.
- charlotte_hover (Execute): Hover over an element to trigger hover states. Returns full page representation after hover.
- charlotte_navigate (Execute): Load a URL in the active page. Returns page representation after navigation. Default minimal detail includes landmarks, headings, and interactive element counts — use charlotte_...
- charlotte_wait_for (Execute): Wait for a condition to be met on the page. Returns page representation when the condition is satisfied, or a TIMEOUT error.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.