High-risk tools in CDP-MCP Server
19 of the 36 tools in CDP-MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
cdp_attach_targetExecuteAttach to a specific Chrome target by ID
-
cdp_connectExecuteConnect to a Chromium instance (discovers running instance or launches one)
-
cdp_send_commandExecuteSend a raw CDP command to the browser. Unlocks all CDP domains (Page, DOM, Input, Fetch, etc.) except Accessibility and Memory.
-
debugger_blackbox_scriptExecuteSet URL patterns for scripts to skip during stepping (e.g. vendor libraries)
-
debugger_enableExecuteEnable the JavaScript debugger for the current target
-
debugger_evaluate_on_frameExecuteEvaluate a JavaScript expression in the context of a paused call frame
-
debugger_pauseExecuteForce pause JavaScript execution immediately
-
debugger_resumeExecuteResume execution from a paused state
-
debugger_set_breakpointExecuteSet a breakpoint at a URL and line number (1-based). Use urlRegex for pattern matching.
-
debugger_set_exception_breakpointsExecuteConfigure when to pause on exceptions
-
debugger_step_intoExecuteStep into the function call on the current line
-
debugger_step_outExecuteStep out of the current function back to the caller
-
debugger_step_overExecuteStep over the current line (stays in the same function)
-
network_continue_requestExecuteContinue a paused request (optionally modify URL, method, headers, or body)
-
network_disable_interceptionExecuteDisable network interception and continue all paused requests
-
network_enable_interceptionExecuteEnable network request interception (pauses matching requests for inspection/modification). WARNING: paused requests block the page.
-
network_fail_requestExecuteFail a paused request with a specific error reason
-
network_fulfill_requestExecuteRespond to a paused request with a custom response (mock/intercept the response entirely)
-
runtime_evaluateExecuteEvaluate a JavaScript expression in the global page context
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.