High-risk tools in Selenium MCP Server
16 of the 30 tools in Selenium MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
clear_fieldExecuteclears a text field, handling both basic and sophisticated clearing
-
click_elementExecuteClicks an element
-
double_clickExecuteperforms a double click on an element
-
navigateExecuteNavigates to a URL
-
press_keyExecutesimulates pressing a keyboard key
-
refresh_pageExecuterefreshes the current page
-
right_clickExecuteperforms a right click (context click) on an element
-
scroll_pageExecutescrolls the page in a specified direction
-
scroll_to_elementExecutescrolls the page until an element is in view
-
send_keysExecuteSends keys to an element
-
start_browserExecuteLaunches browser
-
switch_to_default_contentExecuteswitches back to the main document from an iframe
-
switch_to_iframeExecuteswitches to an iframe
-
switch_to_new_windowExecuteswitches to a new window that is not the parent
-
switch_to_windowExecuteswitches to a specific window by handle
-
wait_for_page_loadExecutewaits for page to fully load
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.