High-risk tools in Kernel MCP Server
7 of the 16 tools in Kernel MCP Server are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
- computer_action (Execute): Execute computer actions on a browser session. Pass a single action for simple operations (e.g. one click or one screenshot), or pass multiple actions to batch them into a singl...
- exec_command (Execute): Execute a command synchronously inside a browser VM. Returns stdout, stderr, and exit code. The command field is the executable; use args for its arguments. Common uses: read fi...
- execute_playwright_code (Execute): Execute Playwright/TypeScript automation code against a Kernel browser session. If session_id is provided, uses that existing browser; otherwise creates a new one. Returns the r...
- browser_curl (Execute): Send an HTTP request through an existing Kernel browser session
- manage_apps (Execute): Manage Kernel apps, deployments, and invocations. Use
- manage_browser_pools (Execute): Manage pools of pre-warmed browser instances for fast acquisition. Use
- manage_browsers (Execute): Manage browser sessions in the Kernel platform. Use action
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.