High-risk tools in Daytona Playwright MCP Server
19 of the 26 tools in Daytona Playwright MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
browser_backExecuteNavigate back in browser history.
-
browser_clickExecutebrowser_click
-
browser_download_waitExecuteWait for a download to start and complete, returning the downloaded file path.
-
browser_evaluateExecuteExecute JavaScript in the page context and return the result.
-
browser_forwardExecuteNavigate forward in browser history.
-
browser_hoverExecuteHover over an element on the page.
-
browser_navigateExecuteNavigate the browser to a URL.
-
browser_new_tabExecuteOpen a new browser tab and switch to it.
-
browser_pressExecutebrowser_press
-
browser_refreshExecuteRefresh the current page.
-
browser_scrollExecuteScroll the page or a specific element.
-
browser_selectExecutebrowser_select
-
browser_startExecuteStart a new browser session in a Daytona sandbox.
-
browser_stopExecuteStop the browser and clean up the Daytona sandbox.
-
browser_switch_tabExecuteSwitch to a different browser tab by index.
-
browser_typeExecuteType text into an input field or editable element.
-
browser_upload_fileExecutebrowser_upload_file
-
browser_wait_for_navigationExecutebrowser_wait_for_navigation
-
browser_wait_for_selectorExecuteWait for an element to reach a specific state.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.