High-risk tools in PlayMCP Browser Automation Server
20 of the 38 tools in PlayMCP Browser Automation Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
evaluateWithReturnExecuteExecute JavaScript code and return the result
-
executeJavaScriptExecuteExecute arbitrary JavaScript code on the current page and return the result
-
navigateExecuteNavigate to a URL
-
waitForSelectorExecuteWait for a specific selector to appear on the page
-
waitForTextExecuteWait for specific text to appear on the page
-
goForwardExecuteNavigate forward to the next page in history
-
hoverExecuteHover over an element on the page
-
clickExecuteClick an element
-
dragAndDropExecuteDrag and drop from one element to another
-
handleDialogExecuteHandle browser dialogs (alerts, confirms, prompts)
-
mouseClickExecuteClick at specific coordinates
-
mouseDragExecuteDrag from one coordinate to another
-
mouseMoveExecuteMove mouse to specific coordinates
-
moveMouseExecuteMove mouse to coordinates
-
openBrowserExecuteLaunch a new browser instance
-
pressKeyExecutePress a key on the keyboard
-
resizeExecuteResize the browser viewport
-
scrollExecuteScroll the page by specified amounts with enhanced feedback
-
selectOptionExecuteSelect option(s) in a dropdown or select element
-
typeExecuteType text into an element
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.