High-risk tools in MCP JS Debugger
8 of the 18 tools in MCP JS Debugger are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
connect_debuggerExecuteEstablishes a new debugging session by connecting to a Chrome DevTools Protocol (CDP) endpoint.
-
evaluate_expressionExecuteEvaluates a JavaScript expression in the context of a specific call frame or global context.
-
pause_executionExecutePauses execution at the next possible opportunity.
-
resume_executionExecuteResumes execution after being paused at a breakpoint or by pause_execution.
-
set_pause_on_exceptionsExecuteConfigures whether the debugger should pause when exceptions are thrown.
-
step_intoExecuteSteps into a function call if the current line contains one, otherwise steps to the next statement.
-
step_outExecuteSteps out of the current function and pauses at the calling code.
-
step_overExecuteSteps over the current statement to the next line in the same function.
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.