High-risk tools in Chrome Extension MCP Bridge
7 of the 11 tools in Chrome Extension MCP Bridge are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
click_elementExecuteClick on an element in a browser tab identified by CSS selector.
-
execute_jsExecuteExecute arbitrary JavaScript code in the context of a browser tab. Returns the result of the execution. Use with caution.
-
hover_elementExecuteHover over (mouseover) an element identified by CSS selector.
-
mouse_click_atExecuteClick at specific x,y pixel coordinates on the page.
-
open_tabExecuteOpen a new browser tab with the specified URL.
-
scroll_pageExecuteScroll the page in a browser tab. Can scroll by direction (up/down/left/right),
-
type_textExecuteType text into an input field, textarea, or contenteditable element identified by CSS selector.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.